Team Hav0k found SQLi vulnerability in government sites : #OP RETURN

After a team member found SQLi vulnerabilities in .gov's and .edu's last year and didn't exploit them, they went back in a op they are calling RETURN to this time go back and exploit them. It turned out that the .edu's patched up the vulns but the .gov's didn't do so.

TeamHav0k managed to dump the DataBases of

• jigawastate.gov.ng
• ojj.la.gov
• multan.gov.pk
• pdma.gov.pk
• gjtmap.gov.pk

Pastebin Link:
http://pastebin.com/WwukETJ7

The pastebin contains a download like to uppit.com of the .txt file that contains the Databases, aswell as 2 XSS's (not part of the op) on songfacts and cnet.com, the .txt that contains the DB dumps of the OP and the XSS's has a short statement about it from one of the team members.

Submitted by: TeamHav0k Spokesman