Home / Cyber Crime / User information of Congress.gov.ph leaked
xl3gi0n

User information of Congress.gov.ph leaked

Two hackers assumed to be from xlegion hacking group, xW3s13y & TheOwnerAl, has hacked into the official website of House of Congress in which user information are leaked.


As can be seen in the leaked information, the website is vulnerable to the most known web vulnerability SQL injection. It is a kind of attack that consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. –owasp.

Much information are leaked from www.congress.gov.ph, it includes the information of 5 tables and personal data such as user birthday, birthplace, religion, bloodtype, and spouse.


Leak

Pinoyhacknews did asked xW3s13y exclusively of their reasons behind targeting the website of the congress. And according to him, it serves as proof that the website is really vulnerable since the web admin of congress.gov.ph does not pay attention when he informed them.

You can see it yourself by clicking in this link.

About Clifford Trigo

I am Clifford Trigo a proud Boholano / Pinoy / Filipino Web App Security Researcher. Day by day, I'm learning new things :)) Visit my Hackerone Profile, currently at top 2 overall :D