
Anonymous is developing a new DDoS tool. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website.
Previously, Low Orbit Ion Cannon (LOIC) was the go-to weapon for Anonymous supporters during protests against dictators in North Africa, and during Operation: Payback. However, LOIC is also the reason scores of people have been arrested in the last year, so many feel its time is at an end.
The new tool, called #RefRef, is set to be released in September, according to an Anon promoting it on IRC this afternoon. Developed with JavaScript, the tool is said to use the target site’s own processing power against itself.
This is the Anonymous video announcing the #RefRef tool:
http://www.youtube.com/watch?v=89ET5PH1kMc
This is a snapshot of the Perl source code of #RefRef:
http://www.refref.org/p/refref.html
It does not seem to crash the MySQL daemon; it just does what the BENCHMARK() function is supposed to do: it evaluates the expression 0x70726f62616e646f70726f62616e646f70726f62616e646f 99999999999 times, which takes a lot of time and ties up the database server. The hex literal 0x70726f62616e646f70726f62616e646f70726f62616e646f is the ASCII string "probandoprobandoprobando" ("probando" is the latin word for "proving").
So the underlying problem is still SQL injection: make sure you are protected against it, which should be quite easy if you use a sane database abstraction layer and don't build your own SQL queries with string concatenation.
So make sure your website does not have SQL injection, or deploy a WAF in front of your production website.
BENCHMARK() is a MySQL function, so only websites with a MySQL backend database are affected by this tool.
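To make the point concrete, here is an added example (mine, not code from the post or from #RefRef) that decodes the hex literal above, contrasts a string-concatenated query with a parameterised one, and adds a simple WAF-style check for BENCHMARK() calls with huge iteration counts. The sample parameter and the users table are constructed for the demo; SQLite stands in for MySQL since only the binding behaviour matters here.

```python
import re
import sqlite3

# Constructed sample of the kind of parameter the post describes: a MySQL
# BENCHMARK() call smuggled in through an injectable query parameter.
SAMPLE_PARAM = (
    "1 OR BENCHMARK(99999999999, "
    "0x70726f62616e646f70726f62616e646f70726f62616e646f)"
)


def decode_hex_literal(literal):
    """Decode a MySQL-style 0x... literal to the ASCII text it encodes."""
    return bytes.fromhex(literal[2:]).decode("ascii")


def vulnerable_query(user_id):
    """String concatenation: whatever the client sends becomes SQL text."""
    return "SELECT name FROM users WHERE id = " + user_id


def safe_query(conn, user_id):
    """Parameterised query: the driver binds the value; it is never parsed as SQL."""
    return conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()


BENCHMARK_RE = re.compile(r"\bBENCHMARK\s*\(\s*(\d+)", re.IGNORECASE)


def looks_like_benchmark_abuse(param, max_iterations=1000):
    """WAF-style check: flag BENCHMARK() with an iteration count above the limit."""
    m = BENCHMARK_RE.search(param)
    return bool(m) and int(m.group(1)) > max_iterations


def run_demo():
    """Return (rows for a legitimate id, rows for the injected parameter)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")  # constructed row
    legit = safe_query(conn, "1")            # bound value "1" matches id 1
    injected = safe_query(conn, SAMPLE_PARAM)  # bound as a string: matches nothing
    return legit, injected


if __name__ == "__main__":
    print(decode_hex_literal("0x70726f62616e646f70726f62616e646f70726f62616e646f"))
    print(vulnerable_query(SAMPLE_PARAM))  # the BENCHMARK() call lands in the SQL
    print(run_demo(), looks_like_benchmark_abuse(SAMPLE_PARAM))
```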
And the good old SQL-i vulnerability comes back!