14 DAY TRIAL // The German grey hat that not long ago took part in our Hackers around the world series returns. This time he managed to breach the official website of the Royal Navy after finding an SQL injection vulnerability.
“The admins have been warned immediately before of this post. The vulnerable ‘parameter’ has been obscured to prevent damages from others,” the hacker wrote on Pastebin.
[admark=1]This is not the first time the Royal Navy’s website is breached. A few years back, Romanian hacker TinKode also accomplished this task, but he ran out of luck last month when authorities apprehended him.
D35m0nd142 also found a vulnerability on the official website of the US Federal Reserve. In this case, he found not one, but 47 blind SQL injection flaws on the site’s pages.
Since university websites are among his specialties, the hacker took a peek at the security measures implemented by Arizona University, Stanford University, and an education institution in Hong Kong. From the US universities he leaked some data to prove that they’re weak, but the Chinese school’s site was defaced.
This wasn’t the only defacement that targeted major Chinese sites. A number of 13 Chinese government sites were defaced as part of an operation called OpChina.
Another hack in Asia targeted the official website of Iran’s president. On this certain site, he identified a cross-site scripting (XSS) vulnerability, a type of weakness that allows an attacker to execute arbitrary code.
In most of the cases, the site’s administrators were notified before D35m0nd142 published his proof-of-concepts or screenshots to prove that he really did gain access. It’s uncertain how many of the breached sites patched up the vulnerabilities, but we’ll try to contact the hacker and find out.
In the meantime, you can take a look at the great interview we’ve had with D35m0nd142 a few weeks ago.