Romanian Duo Hacks

Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:34:52
The Web site and other Web servers belonging to Oracle Corp.’s Sun Microsystems division were compromised on Sunday by Romanian hackers who took advantage of a SQL injection vulnerability in an application running on the server.

A group of Romanian hackers using the handles TinKode and Ne0h broke into the Web servers hosting the main Web site for the open source database product, as well as sister sites for the French, German, Italian and Japanese markets. The hackers posted account credentials for administrators, including the account credentials for Robin Schumacher, MySQL’s Director of Product Management, and Kaj Arnö, MySQL’s VP of Community, among others.

In a post claiming responsibility for the hack, the two hackers said they attacked a parameter on an application running on the Web sites that was vulnerable to SQL Injection. Other MySQL installations were not believed to be vulnerable to the attack, assuming they are not running the same application, said Stefan Tanase, a security researcher at Kaspersky Lab.

The vulnerability isn’t the first disclosed for the domain, which supports the global community of developers working on the MySQL database. In January, TinKode also published information on a cross-site scripting vulnerability on the same Web domain. Tanase said the duo have taken responsibility for other high-profile compromises and are not believed to be malicious hackers, but they are quick to disclose vulnerabilities, often not giving the affected party time to plug the hole before it is disclosed or compromised.

SQL injection vulnerabilities allow remote attackers to compromise the security of SQL databases and, in some cases, gain remote access to the database and its content. They work by injecting malicious SQL code through user-supplied input (for example, Web form fields or URL parameters) that the application inserts into its SQL statements without correct filtering, so the database executes the attacker’s text as part of the query.
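The mechanism described above, as an added example that is not from the article and not the code of the MySQL.com application (which was never published): a user lookup that concatenates a Web-form parameter straight into the SQL text, beside the parameterized form that fixes it. The table, its rows and the probe string are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny in-memory table standing in for a site's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.org", "admin"),
            ("bob", "bob@example.org", "user"),
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The bug: untrusted input is spliced into the SQL text, so a quote in the
    # input ends the string literal and the remainder is parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # The fix: the query text is fixed and the input travels as a bound value,
    # so the database compares the whole string literally and never parses it.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    # Returns (vulnerable rows, parameterized rows) for a tautology probe; the
    # vulnerable version leaks every row, the parameterized version matches none.
    conn = make_db()
    probe = "' OR '1'='1"
    return lookup_vulnerable(conn, probe), lookup_parameterized(conn, probe)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned", len(leaked), "rows")
    print("parameterized query returned", len(safe), "rows")
```

From a defender's side, the difference shows up as a lookup that returns rows it had no business returning; query logging at the database layer is one place that discrepancy can be caught.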

SQL injections are the most common type of Web-borne attack and have played a central role in recent high-profile breaches, including the compromise of DC security vendor HBGary.