The Hacker News
Cybersecurity

Kosova Hacker's Security group today release very sensitive server info of "The National Weather Service", which was gathered due to a "Local file inclusion" Vulnerability in weather.gov .

By definition, Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected.

Hackers publish complete data in a pastebin file uploaded today, but the hack was performed two day back and in meantime, server administrator fix the vulnerability.

We just talk with the hacking crew to know the reason of hack and data exposure, one of them explain that they are against US policies, who are targeting muslim countries. "They hack our nuclear plants using STUXNET and FLAME like malwares , they are bombing us 24*7, we can't sit silent - hack to payback them"

Hacker expose data from sensitive files :
/etc/passwd
/etc/groups
/etc/hosts
/etc/samba/dhcp.conf
/etc/apache2/conf.d
/proc/version
/proc/cpuinfo
/proc/self/mounts
/proc/self/status
/proc/self/stat
/etc/security/access.conf
/etc/ldap/ldap.conf
/etc/cups/printers.conf
/etc/gconf
/etc/syslog.conf
/etc/snmp/snmpd.conf
/share/snmp/snmpd.conf
/etc/ca-certificates.conf
/etc/mysql/conf.d
/etc/security/limits.conf
/etc/security/group.conf

For a server administrator this information is very sensitive, whereas for a Hacker this information could be too much juicy like members of /bin/bash shell are root, cmccan, darnold, mstrydom, nscanner who can login via console. That means, hackers can try to brute force there usernames against password list to compromise whole server.

In their note hackers wrote, "Months ago in the American media write that as Americans have in the field control cybernetics Muslim country servers. We as an organization have taken the order we receive checks in some American servers as it is one of to Weather.Gov. We do not want Americans to take control servers Muslim country .We have infected computers with botnets very few organizations that deal with anti-Muslim purposes. We will soon publish the many other things the U.S. government and we will never stop year after year . This is our mission ."

UPDATE: A 'The Hacker News' Reader - Chirag Singh just reported another vulnerability in same site. This time its Cross site scripting, Proof of concept is as shown below in screenshot.
The Hacker News


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.