usa.kaspersky.com hacked … full database acces , sql injection
Saturday 7, 2009
Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own data bases.
Seems incredible but unfortunately, its true.
Alter one of the parameters and you have access to EVERYTHING: users, activation codes, lists of bugs, admins, shop, etc.
First, lets see the version, user and name of the database.
User host & password for mysql.user
This time I will not (for reasons that need no explanation) publish any screenshot with containing personal details or activation code.
I will only make public the names of the tables.
Though the list is long, the table are very interesting.
codesusersvouchersaffectstablebugs_settingsbugshistorybugstablebuildscategoriescommentstablecomputertableeditionsfilestablefrontpagegrouptableignoretablemilestonespakspmtablepriorityrepfielddetailrepfieldsrepfieldsetrepoptiondetailrepoptionsrepquickseveritystatustablesubstableuserstableadmin_usersbest_buycmscyberCrimeRegsemail_listfr_linkfr_link_importinterview_requestk_test_userskbfaqkbfaq_importkbrubkbrub_bukbrub_importlogin_statsmenumenu_relationsmenusnodepartnerspartners_buportal_cms_prod_annportal_cms_recent_articlesportal_cms_whats_newportal_product_ordersproduct_namesretail_login_statsretail_partnersretail_usersse_login_statsse_partnersse_userssetupshopping_com_salessmnr_itemssmnr_items_butrialstrials_butrials_downloaded_newtrials_rptsusersusers_buit_hardwareactivation_code_problemadmin_usersbest_buycmscyberCrimeRegse5usersemail_listfr_linkfr_link_bufr_link_importinterview_requestk_test_userskbfaqkbfaq_bukbfaq_importkbrubkbrub_bukbrub_importkbtop_poplogin_statsmenumenu_relationsmenusms_crm_filesms_crm_files_supportms_crm_intermediaryms_crm_intermediary_bums_crm_intermediary_supportnodeopt_outpartnerspartners_buportal_cms_prod_annportal_cms_recent_articlesportal_cms_whats_newproduct_namesretail_login_statsretail_partnersretail_usersse_login_statsse_partnersse_userssetupshopping_com_salessmnr_eventssmnr_itemssmnr_items_butest_userstest_users_newtrialstrials_butrials_downloadedtrials_downloaded_newtrials_rptsusersusers_buvirus_watchcolumns_privdbfunchelp_categoryhelp_keywordhelp_relationhelp_topichostprocprocs_privtables_privtime_zonetime_zone_leap_secondtime_zone_nametime_zone_transitiontime_zone_transition_typeusercodesstoresstores_buusers
And another picture with the colons name , and the name of userstable table.
Don’t forget to check our new article about same problem in bitdefender portugal.
No comments:
Post a Comment