Grey Security or @gsec_ has dumped a table of authors from the site www.ucsd.edu. This includes names, e-mails and the affiliation with the University of San Diego.
The University of California, San Diego (also referred to as UC San Diego or UCSD) is a publicresearch university located in the La Jolla neighborhood of San Diego, California, United States.[6] The university occupies 2,141 acres (866 ha) near the coast of the Pacific Ocean with the main campus resting on approximately 1,200 acres (490 ha).[7]
It is one of America’s Public Ivy universities, which recognizes top public research universities in the United States. UCSD is the seventh oldest of the ten University of California campuses, and offers over 200 undergraduate and graduate degree programs, enrolling about 23,700 undergraduate and about 6,200 graduate students from the United States and around the world. Undergraduate education is organized into six residential colleges, each with its own curricular focus.
They dumped the tables to Pastebin, and publicized their hack via twitter.
https://twitter.com/gsec_/status/282564850104811520
In the Pastebin post, they list their motives and the vulrnbility they found and exploited.
#Target: www.ucsd.edu / University California - San Diego. #Their Vulnerability: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: name=CyThesaurus-ID-Mapping' AND (SELECT 1415 FROM(SELECT COUNT(*),CONCAT(0x3a796c733a,(SELECT (CASE WHEN (1415=1415) THEN 1 ELSE 0 END)),0x3a7278663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'htkh'='htkh (Among others)
