Re: So, you think your web server is secure?




Please include the list when replying.




On Saturday, Dec 27, 2014 at 4:45 pm, georg chambert <georg.chambert@xxxxxxxxx>, wrote:

Interesting, tnx,

as a bit of a security novice, do I get it right that the apache mod_MySql opens up for Sql to log on to ftp with NO password with a strange Sql user name?





No. The initial attack vector used was an FTP server that uses MySQL to store user details. The “strange SQL user name” you see is an SQL injection attack that’s possible because the MySQL code being used is not secure. Further reading: http://www.exploit-db.com/exploits/8037/




That vulnerability allows the attacker to find the FTP user which can write to the web root, allowing them to upload PHP files that enable further intrusion into the network behind the web server.




-Stuart




-- 

Stuart Dallas

3ft9 Ltd

http://3ft9.com/
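
The class of flaw described in the reply above, as an added example that is not part of the original post or of any FTP server's code: a login lookup that pastes the user name into the SQL text, beside the same lookup with bound parameters. The table layout, function names and sample account are assumptions, and sqlite3 stands in for MySQL so the block runs offline.

```python
import hashlib
import sqlite3


def _hash(password):
    # Plain SHA-256 keeps the demo short; real storage should use a slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Constructed in-memory user table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ftp_users (name TEXT PRIMARY KEY, pw_hash TEXT, home TEXT)"
    )
    conn.execute(
        "INSERT INTO ftp_users VALUES (?, ?, ?)",
        ("webmaster", _hash("correct horse"), "/var/www/html"),
    )
    return conn


def login_concatenated(conn, user, password):
    """'Before': the user name becomes part of the SQL statement itself."""
    sql = (
        "SELECT home FROM ftp_users WHERE name = '" + user
        + "' AND pw_hash = '" + _hash(password) + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, user, password):
    """'After': user name and hash are bound as data, never parsed as SQL."""
    sql = "SELECT home FROM ftp_users WHERE name = ? AND pw_hash = ?"
    row = conn.execute(sql, (user, _hash(password))).fetchone()
    return row[0] if row else None


# Constructed "strange user name": the quote ends the string literal and
# the SQL comment marker discards the password comparison that follows.
CRAFTED_USER = "webmaster' --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, CRAFTED_USER, ""))
    print("parameterized:", login_parameterized(db, CRAFTED_USER, ""))
```

With the concatenated query the crafted name is accepted with an empty password; with bound parameters the same string is only an account name that does not exist.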
