Teleton Colombia database hacked by LulzSec Argentina


LulzSec Argentina hacktivist has managed to identify multiple security flaws in the Teleton Colombia website(www.teleton.org.co) -   fundraising event broadcast on television.

The hacker managed to exploit the SQL Injection vulnerability in the website and extracted the database.  He dumped the database in a paste (pastebin.com/hY4ibzmn).

The leak contains personal information including names, date of birth, email addresses, usernames.

The hacker leaked the admin user id and password(plain-text) in one of the tweet posted in his official twitter account.

He also identified a Non-persistent Cross site scripting vulnerability in the Teleton.org.co. POC Code :
teleton.org.co/buscar/articulo/?texto=1<ScRiPt >prompt(910244)</ScRiPt>
Category: / / / / /

Share this with Your friends: