A hacker with online handle QuisterTow has claimed to have identified a critical SQL Injection vulnerability in Agoco website(agoco.com.ly) - Arabian Gulf Oil Company based in Benghazi, Libya, engaged in crude oil and natural gas exploration, production and refining.
The hacker exploit this vulnerability and managed to dump the database from the server. He has leaked the login credentials from the database along with the database details.
The leak(pastebin.com/8HLiDqVt ) contains usernames and passwords of admin and few users. The password used by admin is very weak one and leaked in plain-text format.
The hacker also provided the vulnerable link along with the proof-of-concept to exploit this SQL injection vulnerability that lists the username &password information.