Sunday, November 19, 2017

www.ucsd.edu Breached by Grey-Security

Grey Security (@gsec_) has dumped a table of authors from the site www.ucsd.edu. The dump includes names, e-mail addresses and their affiliation with the University of San Diego.

The University of California, San Diego (also referred to as UC San Diego or UCSD) is a public research university located in the La Jolla neighborhood of San Diego, California, United States. The university occupies 2,141 acres (866 ha) near the coast of the Pacific Ocean with the main campus resting on approximately 1,200 acres (490 ha).

It is one of America’s Public Ivy universities, a designation that recognizes top public research universities in the United States. UCSD is the seventh oldest of the ten University of California campuses, and offers over 200 undergraduate and graduate degree programs, enrolling about 23,700 undergraduate and about 6,200 graduate students from the United States and around the world. Undergraduate education is organized into six residential colleges, each with its own curricular focus.

They dumped the tables to Pastebin and publicized their hack via Twitter.

In the Pastebin post, they list their motives and the vulnerability they found and exploited.

#Target: www.ucsd.edu / University California - San Diego.
 #Their Vulnerability:
MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: name=CyThesaurus-ID-Mapping' AND (SELECT 1415 FROM(SELECT COUNT(*),CONCAT(0x3a796c733a,(SELECT (CASE WHEN (1415=1415) THEN 1 ELSE 0 END)),0x3a7278663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'htkh'='htkh
 (Among others)
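
For defenders, the quoted payload has a recognisable shape: the error-based technique needs COUNT(*), GROUP BY and FLOOR(RAND(0)*2) together in a request parameter. The following is an added example, not part of the original post or the Pastebin dump: a small access-log scanner that decodes query parameters and flags values carrying two or more of those markers. The log lines, path and addresses are constructed placeholders, and the marker names and threshold are assumptions.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Value of the `name` parameter, copied from the payload quoted in the post.
PAGE_PAYLOAD = (
    "CyThesaurus-ID-Mapping' AND (SELECT 1415 FROM(SELECT COUNT(*),"
    "CONCAT(0x3a796c733a,(SELECT (CASE WHEN (1415=1415) THEN 1 ELSE 0 END)),"
    "0x3a7278663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS "
    "GROUP BY x)a) AND 'htkh'='htkh"
)

# Constructed access-log lines: path, addresses and timestamps are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:01 +0000] '
    '"GET /example/page?name=CyThesaurus-ID-Mapping HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2000:00:00:02 +0000] '
    '"GET /example/page?name=' + quote(PAGE_PAYLOAD) + ' HTTP/1.1" 500 87',
    '192.0.2.12 - - [01/Jan/2000:00:00:03 +0000] '
    '"GET /example/page?name=floor+plans+group+by+size HTTP/1.1" 200 512',
]

# Markers of MySQL error-based injection as seen in the quoted payload.
MARKERS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I),
    "count_group": re.compile(r"count\s*\(\s*\*\s*\).*group\s+by", re.I | re.S),
    "info_schema": re.compile(r"information_schema\s*\.", re.I),
    "hex_concat": re.compile(r"concat\s*\(\s*0x[0-9a-f]+", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def markers_in(value):
    """Return the sorted names of the markers found in one decoded value."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(value))

def scan(lines, threshold=2):
    """Return (line number, parameter, markers) for each suspicious parameter."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            hits = markers_in(value)  # parse_qsl has already URL-decoded value
            if len(hits) >= threshold:
                findings.append((lineno, param, hits))
    return findings

if __name__ == "__main__":
    for lineno, param, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: parameter {param!r} matched {', '.join(hits)}")
```

Matching on decoded values and requiring two markers keeps ordinary text such as "group by" from triggering on its own. The durable fix is still a parameterized query on the server side.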

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
