Tuesday , March 28 2023
Breaking News
Home / Vulnerability / User credentials of Philippine Navy leaked by Pre Hacker

User credentials of Philippine Navy leaked by Pre Hacker

Clifford Trigo July 21, 2013 Vulnerability Leave a comment 746 Views


Over 50 member login credentials and 1 admin credential is leaked by the infamous local website penetration tester, “Pre hacker.

According to the him, there is a SQLi vulnerability on the official website of navy (www.navy.mil.ph). The SQL injection flaw allows the hacker to dump the usernames and passwords on a single query.

http://www.navy.mil.ph/alcaraz/blog_full.php?news_id=-1012 UNION SELECT 1,2,3,4,group_concat(username,0x3a,password),6,7,8,9,10,11,12,13,14 from tbl_users–

The leak includes user’s email addresses, usernames and encrypted passwords reaching up to more than 50+ lines.

In a separate post, Pre hacker has also leaked the tables of the same database.

Tags

About Clifford Trigo

I am Clifford Trigo a proud Boholano / Pinoy / Filipino Web App Security Researcher. Day by day, I'm learning new things :)) Visit my Hackerone Profile, currently at top 2 overall :D
Clifford Trigo : Web Application Security Researcher :)
© Copyright 2023, https://www.pinoyhacknews.com!