The Tunisian Cyber Army and the Al-Qaida Electronic Army say they've found SQLi flaws
In preparation for their anti-US government campaign dubbed OpBlackSummer, members of the Tunisian Cyber Army and the Al-Qaida Electronic Army claim to have breached two additional high-profile websites.According to E Hacking News, they’ve managed to find and exploit SQL Injection vulnerabilities on the sites of the US Customs and Border Protection (CBP.gov) and the Office of Personnel Management (OPM.gov).
The hacktivists say they’ve gained access to usernames, passwords and even private emails stored in the hacked sites’ databases.
Tunisian Cyber Army representatives reveal that OpBlackSummer will take place between May 31 and September 11. Apparently, they will not publish any of the data they’ve stolen until May 31, when they plan on leaking at least 72 gigabytes of information.
Judging by their latest posts on Twitter, the hackers will shift their focus to US gas, petroleum and even nuclear companies.
It's difficult to verify the legitimacy of the hackers' claims, but E Hacking News' Sabari Selvan says that he has been provided with the details of the vulnerabilities that plague cbp.gov and opm.gov and they're apparently valid.
Update. Junaid Hussain of illSecure.com says he has also received vulnerability details from the hackers. He has also confirmed that the SQL Injection vulnerability is valid.