DOLE website vulnerable to hackers !
A hacker with Codename "No.One" release some vulnerability regarding DOLE via a pastebin post. We analyse it & Explaining the possible Security Breach. Hackers Find a vulnerable site on 125.5.39.135 , which having two domains on it :
https://www.dole.gov.ph/ Official Website of the Department of Labor and Employment - Republic of Philippines . Is it vulnerable ?
Yes ! see : https://www.dole.gov.ph/secondpage.php?id=2113' . Its SQL injection . Now Hacker is able to get database from this site . For example the current database name is "dolews_4a351sd" and Hacker also may be able to upload to upload shell on server using this.
This Attack may lead to rooting of 125.5.39.135 Server, Which also other sites. Hackers may be able to deface the site or can steal source code too.
This Report is submitted by "No.One" Hacker and Presented by THN. Thank You !