Actu
Imperva: 210,000 Swedish login hack likely to be via SQL injection
October 2011 by Marc Jacob
It was reported yesterday that Sweden experienced the biggest security breach in the country’s history. Nearly 210,000 login details from nearly 60 websites were compromised. About 90,000 of these accounts were taken from a Swedish blogging service and posted through a compromised Twitter account belonging to an MP. The hack was apparently through an underlying platform vulnerability.
Imperva Hacker Intelligence Initiative (HII) has looked into whether the hack could be a SQL injection attack.
How to determine if a hack is done via SQL Injection
To begin, start with the exploited site "bloggtoppen.se." If you conjecture that it was via SQL injection, simply do a Google search combining the site name with some relevant SQL injection terms, such as "union select dump"
The first link that Google returns is Flashback.org, a popular Swedish site - ranked #39 in Sweden by Alexa (http://www.alexa.com/siteinfo/flashback.org ).
This first link also takes you to a discussion regarding what Google Translate calls "safety" which probably better translated as "vulnerability". By looking at this page courtesy Google caching, you see the role of SQL injection very clearly
Looking further into this, the HII can see the role of Havij, an automated SQL injection tool that was detailed in their study on SQL injections
