RockYou Hacked – 32 Million Account Passwords Potentially Exposed

RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords to possible identity theft. And it has apparently taken RockYou more than 10 days to inform its users of the breach. The security firm Imperva informed RockYou that its site had a serious SQL injection flaw, according […]

Continue Reading

SQL Injection Attack Claims 132,000+

A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits […]

Continue Reading

Symantec Online Store Hacked

Symantec Exposed Passwords, Serials – SQL Injection, Full Database Access A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit […]

Continue Reading

mysqloit – SQL Injection Takeover Tool

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache,MySql,PHP) and WAMP (Linux, Apache,MySql,PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack of multiple statements […]

Continue Reading