
Brazil Navy and Pakistan Army websites hacked by SQL Injection


These security breaches are the next examples of governments being careless about cyber security. The hacker @WilyXem found that two more Army websites are vulnerable to SQL injection.

Brazilian Navy and Pakistan Army websites were found to be affected by an SQL injection vulnerability. The hacker tweeted a few links that contain the proof-of-concepts (http://sprunge.us/ZUHM, sprunge.us/ZdKY, sprunge.us/CJGO).

The vulnerability exists in the websites of the Board of Historic & Documentation Navy (biblioteca.dphdm.mar.mil.br), the Department of Distance Education (ead.densm.mar.mil.br) and the Pakistan Army (www.pakistanarmy.gov.pk).

The POCs expose the target database details, including database name, database version and table details.

The same hacker yesterday hacked into the Royal Thai Navy website and leaked the login information from the database.


Royal Thai Navy website hacked with SQL Injection vulnerability



Cyberspace plays an important role in national security. A country should also remember to provide security in cyberspace. But the government fails to concentrate on cyber security, which leaves most government sites vulnerable to hacking.

The security breach of the Royal Thai Navy website (www.navy.mi.th) is the best example of this. The Royal Thai Navy is the navy of Thailand and part of the Royal Thai Armed Forces.

A hacker with the Twitter handle @WilyXem has discovered an SQL injection vulnerability in the Thailand navy website. He managed to exploit the vulnerability and compromised the target database.

Earlier today, the hacker posted a link to the dump on Twitter (sprunge.us/YHHf). The dump contains database details including database name, version and table details. He also provided a proof-of-concept of the SQL injection vulnerability.

The hacker also leaked 3 tables, namely membern, personalacc and personalacc1, that contain usernames and passwords in plain-text format.

It is really sad to know that the passwords are being stored in plain-text format. But it won't take much time for a hacker to crack them, even if there is encryption, because they use very weak passwords.