MySQL and Oracle’s Sun Fall to SQL Injection Attack

Proving that no one is immune to security breaches, both and Oracle’s have fallen to SQL injection attacks. The attackers exposed all the databases on, and compromised two Sun subdomains.

Over the weekend, “TinKode and “NeOh,” two Romanian hackers, hit and They grabbed table names, column names and email addresses from one of the tables. So far, it’s unclear whether the hackers also possess a list of usernames and passwords from the site. They did obtain this information from, and posted it online.

According to Chester Wisniewski, a Sophos senior security advisor, the way the open source software was coded led to the vulnerability. “Auditing your Websites for SQL injection is an essential practice, as well as using secure passwords," he wrote on the Naked Security blog.

Specifically, both the and sites have cross-site-scripting vulnerabilities, some of which came to light as recently as January. The particular attack used by the hackers allowed them to get at little bits of information at a time and put the information together. This is why hiding SQL errors from an attacker is not good enough if you’re trying to secure your website.

For more on this, check

{mospagebreak title=}

[gp-comments width="770" linklove="off" ]

chat sex hikayeleri Ensest hikaye