Liquidmatrix Security Digest

RBS WorldPay SQL Injection


Royal Bank of Scotland Group might be feeling a bit exposed this afternoon…

RBS WorldPay, a system that processes millions of payments daily, has been compromised. It looks like the database is just dying to give up names, credit card numbers, email addresses, and all sorts of juicy information to whoever asks for it. Unu has a great write-up of the vulnerability with plenty of juicy screenshots on his blog.

Here is a real kicker for you:

The next picture is awesome, but really what we see. In the picture appear user, host and password in mysql database, user table. But look well to the first user webphp, surrounded me. We have % to host and NOTHING in the password !!! I mean we have a user password NULL and % to host, that means that we can log on his account, the MySQL server without password, from any IP.

There is also some fun poked at Bill Gates which never hurts.
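The account described in the quote above (no password, `%` as host) is something a defender can check for in their own `mysql.user` table. The following is an added example, not code from this post or from Unu's write-up; it assumes the `user`, `host` and `password` columns have been exported as tab-separated rows, and the sample rows are constructed.

```python
"""Audit exported mysql.user rows for passwordless and wildcard-host accounts."""
import csv
import io

FAKE_HASH = "*" + "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed placeholder

# Constructed sample rows (user, host, password); not data from the incident.
SAMPLE_ROWS = (
    "webphp\t%\t\n"
    f"root\tlocalhost\t{FAKE_HASH}\n"
    f"report\t10.0.%\t{FAKE_HASH}\n"
    "\tlocalhost\t\n"
    "backup\t192.0.2.10\tNULL\n"
)

def host_is_wildcard(host):
    # '%' and '_' are MySQL's pattern characters in the host column.
    return "%" in host or "_" in host

def audit(text):
    """Return (user, host, severity, issues) for every risky account row."""
    findings = []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        user, host, password = row
        issues = []
        if password in ("", "NULL"):  # empty string or exported NULL
            issues.append("empty password")
        if host == "%":
            issues.append("any host")
        elif host_is_wildcard(host):
            issues.append("wildcard host")
        if user == "":
            issues.append("anonymous user")
        if not issues:
            continue
        # No password plus a wildcard host means anyone who can reach the port can log in.
        critical = "empty password" in issues and host_is_wildcard(host)
        findings.append((user or "<anonymous>", host,
                         "critical" if critical else "review", issues))
    return findings

if __name__ == "__main__":
    for user, host, severity, issues in audit(SAMPLE_ROWS):
        print(f"{severity:8} {user}@{host}: {', '.join(issues)}")
```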
