14 DAY TRIAL // Team Dig7tal’s Holy Lulz Crusade continues with a couple of interesting targets. One of them is the Transportation Worker Identification Credential (TWIC) website, owned by the US Department of Homeland Security (DHS), and the second is the one of the University of Alabama (UA.edu).
“This is nothing more than a simple dump of a couple of databases from the University of Alabama, to prove to them that their system is in fact vulnerable. The only real important thing I dumped was the MySQL db,” said Ichi, one of the hackers.
The dump contains database names, and data samples taken from a handful of tables. The most interesting one appears to be the “user” table, which contains usernames and password hashes.
From the TWIC site, Team Dig7tal didn’t leak anything except for some database and table names, along with the exact location of the Blind SQL Injection vulnerability that allowed them to gain access.