IT技术互动交流平台

雅虎45万用户数据泄露

发布日期:2012-07-12 18:57:09
D33Ds公司今天(7月12日)曝光了45万雅虎用户数据。黑客称利用union-based SQL注入漏洞获得了XXX.yahoo.com的用户数据。其中包括453492条用户数据记录,超过2700个数据库表和列名,298个MySQL参数。在曝光的数据中有一条HOSTNAME =>> dbb1.ac.bf1.yahoo.com该域名属于Yahoo Voice应用。因此很可能就是Yahoo Voice应用被成功入侵了。

#######################################
#[ - Owned and Exposed - ]       #
# Brought to you by the D33Ds Company #
#                                     #
# Target: <censored>.yahoo.com        #
# Method: Union-based SQL Injection   #
#                                     #
#######################################
-------------
Jump to:

1. MySQL Variables
2. Database/Table/Column Names
3. email:pass dump (450k users)
4. Final Notes
-------------

1. MySQL Variables
------------------

MAX_PREPARED_STMT_COUNT =>> 16382
CHARACTER_SETS_DIR =>> /home/y/share/mysql/charsets/
HAVE_CRYPT =>> YES
CONNECT_TIMEOUT =>> 10
......

2. Database/Table/Column Names
-------------------------------

[ * ] schema_name ==> table_name :::: column_name

information_schema =>> CHARACTER_SETS :::: CHARACTER_SET_NAME
information_schema =>> CHARACTER_SETS :::: DEFAULT_COLLATE_NAME
information_schema =>> CHARACTER_SETS :::: DESCRIPTION
information_schema =>> CHARACTER_SETS :::: MAXLEN
......
3. email:pass dump (450k users)
--------------------------------

count() = 453491

user_id   :  user_name  : clear_passwd : passwd

1:ac1@associatedcontent.com:@fl!pm0de@
4:john@associatedcontent.com:pass
5:steveol@flash.net:steveol
6:chotzi@aol.com:chotzi
....
366641:colinware7998674@gmail.com:uplgmotv 


延伸阅读:

Tag标签: 雅虎数据泄露  
  • 专题推荐

About IT165 - 广告服务 - 隐私声明 - 版权申明 - 免责条款 - 网站地图 - 网友投稿 - 联系方式
本站内容来自于互联网,仅供用于网络技术学习,学习中请遵循相关法律法规