Security Company Barracuda Networks Database Hacked by fdf (hmsec.org cr3w) via SQL Injection Attack
The good news is the information compromised was essentially just names and email addresses, and no financial information is even stored in those databases. Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords. However, all active passwords for applications in use remain secure.
The bad news though, was what led to the compromise by the hacker. The Barracuda Web Application Firewall (WAF) in front of the Barracuda Networks Web site was unintentionally placed in passive monitoring mode and was offline through a maintenance window that started Friday night (April 8 ) after close of business Pacific time. Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling the Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.
Full Disclosure:Barracuda Networks Hacking via SQL Injection.
LIST OF DATABASES:
new_barracuda
information_schema
Marketing
barracuda
black_ips
buniversity
bware
co-op
collections
cuda_car
cuda_stats
dev_new_barracuda
igivetest
igivetest_bk1_aug10
igivetestsucks
kb_solutions
leads
mysql
new_barracuda
new_barracuda_archive
php_live_chat
phpmyadmin
DB NAME: NEW_BARRACUDA
TABLE NAME: DEAL_REG
DATA COUNT: Count(*) of new_barracuda.deal_reg is 17549
SAMPLE DATA:
DB NAME: NEW_BARRACUDA
TABLE NAME: CMS_LOGINS
DATA COUNT: Count(*) of new_barracuda.cms_logins is 251
DATA:
DB NAME: NEW_BARRACUDA
TABLE NAME: BUNIVERSITY_USERS
DATA COUNT: Count(*) of new_barracuda.buniversity_users is 35
DATA:
DB NAME: MYSQL
TABLE NAME: USER
DATA COUNT: Count(*) of mysql.user is 23
DATA:
0 Visitor Reactions & Comments:
Post a Comment