A LulzSec Argentina hacktivist has identified multiple security flaws in the Teleton Colombia website (www.teleton.org.co), a fundraising event broadcast on television.
The hacker exploited a SQL injection vulnerability in the website and extracted the database. He dumped the database in a paste (pastebin.com/hY4ibzmn).
The leak contains personal information including names, dates of birth, email addresses and usernames.
The hacker leaked the admin user ID and password (in plain text) in a tweet posted from his official Twitter account.
He also identified a non-persistent (reflected) cross-site scripting vulnerability in teleton.org.co. PoC code:
teleton.org.co/buscar/articulo/?texto=1<ScRiPt >prompt(910244)</ScRiPt>