The Sony France website (sony.fr) was found to be vulnerable to SQL injection, which allows hackers to compromise the data. The vulnerability was identified by a hacker from the xl3gi0n hackers group.
Sony Corporation, commonly referred to as Sony, is a Japanese multinational conglomerate corporation headquartered in Kōnan Minato, Tokyo, Japan. Its diversified business is primarily focused on the electronics, game, entertainment and financial services sectors.
The vulnerability was discovered in the Sony Computer Science Laboratory site (csl.sony.fr). The vulnerable link provided by the hackers:
www.csl.sony.fr/~pachet/markov_applet_style/get_lyrics.php?auth=10,000 Maniacs&id=1
The hacker claims that he reported the vulnerability to Sony and was rewarded for his finding.
At the time of writing, I am not able to reach csl.sony.fr. It appears that the admin has taken the website offline.
The xl3gi0n hackers have breached one of the NASA subdomains (Lunar Science Forum 2010) and compromised the database server. The hackers leaked the stolen data on pastebin.
The leak (pastebin.com/HdFLpEMH) contains email addresses, plain-text passwords and the names of the users. The leak also contains admin details, including usernames and encrypted passwords.
There are three admin usernames and passwords listed in the leak. The hackers managed to crack two of the three passwords and published them in plain text.
"This is why i were arrested the first time. hope you come and arrest me again cuz there are some files that will be leaked," the hacker said in the leak.
The hackers breached the database server by exploiting an SQL injection vulnerability. In an email sent to EHN, the hacker provided the vulnerable link of the target website. The hacker asked me not to publish the vulnerable link.
A hacker from the hacker collective named xl3gi0n hackers claimed to have breached the databases of 10 government websites as part of their ongoing operation called "#OpLeak".
They have leaked the databases belonging to government websites of different countries on pastebin (pastebin.com/56FFtkcn).
"#opleak is an operation created by xl3gi0n hackers in which we leak more than 1000 database to show the world that they need more security," the hacker said.
The hacked sites are from Ukraine, Italy, Nigeria and China. The leak contains usernames, encrypted passwords and mail addresses. A few sites contain plain-text passwords.