Skip to main content

MySQL Here, MySQL there, SQL Injection Everywhere..

It appears that part of the MySQL website has been compromised again, this time by the hacker D35M0ND142 using SQL injection, to recover user credentials from the MySQL blog (see here).

This will be another further embarrassment for MySQL and are yet to issue another security notice as they did in September, when the site was injected with a iframe script, that redirected was users to a malware drop site for the black hole exploit.

SQL injection yet again appears to be the flavor of the month with TeaMp0isoN and Anonymous using it as an attack vector to compromises financial institutes and banks as part of OpRobinHood.