Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label LulzSec Argentina. Show all posts

Teleton Colombia database hacked by LulzSec Argentina


LulzSec Argentina hacktivist has managed to identify multiple security flaws in the Teleton Colombia website(www.teleton.org.co) -   fundraising event broadcast on television.

The hacker managed to exploit the SQL Injection vulnerability in the website and extracted the database.  He dumped the database in a paste (pastebin.com/hY4ibzmn).

The leak contains personal information including names, date of birth, email addresses, usernames.

The hacker leaked the admin user id and password(plain-text) in one of the tweet posted in his official twitter account.

He also identified a Non-persistent Cross site scripting vulnerability in the Teleton.org.co. POC Code :
teleton.org.co/buscar/articulo/?texto=1<ScRiPt >prompt(910244)</ScRiPt>