[快讯]雅虎45万用户数据泄露

2012-07-12 149911人围观 ,发现 10 个不明物体 资讯

D33Ds公司今天(7月12日)曝光了45万雅虎用户数据。黑客称利用union-based SQL注入漏洞获得了XXX.yahoo.com的用户数据。其中包括453492条用户数据记录,超过2700个数据库表和列名,298个MySQL参数。在曝光的数据中有一条HOSTNAME =>> dbb1.ac.bf1.yahoo.com该域名属于Yahoo Voice应用。因此很可能就是Yahoo Voice应用被成功入侵了。

#######################################
#[ - Owned and Exposed - ]       #
# Brought to you by the D33Ds Company #
#                                     #
# Target: <censored>.yahoo.com        #
# Method: Union-based SQL Injection   #
#                                     #
#######################################
-------------
Jump to:


1. MySQL Variables
2. Database/Table/Column Names
3. email:pass dump (450k users)
4. Final Notes
-------------






1. MySQL Variables
------------------


MAX_PREPARED_STMT_COUNT =>> 16382
CHARACTER_SETS_DIR =>> /home/y/share/mysql/charsets/
HAVE_CRYPT =>> YES
CONNECT_TIMEOUT =>> 10
......


2. Database/Table/Column Names
-------------------------------


[ * ] schema_name ==> table_name :::: column_name




information_schema =>> CHARACTER_SETS :::: CHARACTER_SET_NAME 
information_schema =>> CHARACTER_SETS :::: DEFAULT_COLLATE_NAME 
information_schema =>> CHARACTER_SETS :::: DESCRIPTION 
information_schema =>> CHARACTER_SETS :::: MAXLEN
......
3. email:pass dump (450k users)
--------------------------------


count() = 453491




user_id   :  user_name  : clear_passwd : passwd

1:ac1@associatedcontent.com:@fl!pm0de@
4:john@associatedcontent.com:pass
5:steveol@flash.net:steveol
6:chotzi@aol.com:chotzi
....
366641:colinware7998674@gmail.com:uplgmotv

http://burnbit.com/torrent/206849/yahoo_disclosure_txt

发表评论

已有 9 条评论

取消
Loading...
css.php