The hacker who identified himself as “Kh4lifax” managed to upload his own php file containing his messages.
“LBC? Upgrade you security Lulz. Where’s the security? ,” the hacker writes.
When contacted, he revealed that this is not just an ordinary defacement, a web application that is shelled, but a full take over.
Kh4lifax explained, he made his way through a SQL injection vulnerability and gained the root user.
He provided me screenshots of the site’s tables from accordingly databases, lbc_dbl and bc_read.
Currently, the defacement can still be accessed publicly.