In a message to us, khalifax (who also hacked into Colegio San Agustin) sent the link to the part of the website that is vulnerable to SQL injection. It appears the attacker successfully bypassed the web application firewall implemented on the website.
With a slight variation of the blocked “union select” command, khalifax extracted the website's database, including the users table that contains web admin accounts.
Currently, when the website is visited, the following messages pop up: “owned by kh4lifax and phthonos”, “patch your site admin”, “greeting Mr. Gene De Guzman”.
A logo of Phantom hackers can also be seen on the website’s home page.