MySQL Injection, ranked A1 in the 2017 OWASP Top 10, is an avoidable vulnerability found in web applications that do not properly sanitize user input. In a recent engagement, Lapidux performed incident response for a website indexing content for pages in a MySQL database. The website was compromised and defaced by an Indonesian team calling themselves Mine7/SharkXploiter Crew. The team used nothing more than open source tools (SQLMap) and slightly modified webshells.
We dealt with both webshells, fixed the vulnerabilities by replacing all MySQL queries with prepared statements and escaping user input, and pushed the changes to the site. We have not seen another attack up to the time of publishing, which is a stark improvement from when the client initially reached out, at which point they had experienced 3 compromises in less than 48 hours.
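The fix described above, shown as an added example (not Lapidux's or the client's code): a string-built search query beside its prepared form. It uses Python's sqlite3 module as an offline stand-in for MySQL; the `pages` table, its columns and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO pages (title, published) VALUES (?, ?)",
                   [("Home", 1), ("Contact", 1), ("Draft pricing", 0)])
    return db

def search_concatenated(db, term):
    # Before: user input is spliced into the SQL text and parsed as part of the query.
    sql = "SELECT title FROM pages WHERE published = 1 AND title LIKE '%" + term + "%'"
    return sorted(row[0] for row in db.execute(sql))

def escape_like(term, esc="!"):
    # Escape LIKE wildcards so % and _ in user input match literally.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def search_prepared(db, term):
    # After: the statement text is fixed; the input is bound as a value only.
    sql = "SELECT title FROM pages WHERE published = 1 AND title LIKE ? ESCAPE '!'"
    return sorted(row[0] for row in db.execute(sql, ("%" + escape_like(term) + "%",)))

# Constructed input that closes the string literal and adds its own condition.
HOSTILE = "%' OR published = 0 --"

if __name__ == "__main__":
    db = make_db()
    for term in ("con", HOSTILE, "_"):
        print(repr(term), search_concatenated(db, term), search_prepared(db, term))
```

With the concatenated query the constructed input returns the unpublished row as well; with the bound parameter it is just a search string that matches nothing.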