Home / Defacement / Local hacker says “Lulz” to LBC’s security

Local hacker says “Lulz” to LBC’s security

One of the leading cargo and courier services in the country, LBC express,  suffers website security hack as one local hacker penetrated its website.

The hacker who identified himself as “Kh4lifax” managed to upload his own php file containing his messages.

“LBC? Upgrade you security Lulz.  Where’s the security? ,” the hacker writes.

When contacted, he revealed that this is not just an ordinary defacement, a web application that is shelled, but a full take over.

Kh4lifax explained, he made his way through a SQL injection vulnerability and gained the root user.

He provided me screenshots of the site’s tables from accordingly databases, lbc_dbl and bc_read.

Currently, the defacement can still be accessed publicly.

About Clifford Trigo

I am Clifford Trigo a proud Boholano / Pinoy / Filipino Web App Security Researcher. Day by day, I'm learning new things :)) Visit my Hackerone Profile, currently at top 2 overall :D