Indian hackers took advantage of the vulnerabilities

Mar 16, 2012 10:58 GMT

One of the subdomains hosted on Stanford University’s official website was breached by hackers from Team Nuts, who defaced it to demonstrate its lack of security.

The Hacker News reports that those responsible for the defacement of the scale.stanford.edu domain are Yash and C0de Inject0r.

“Everyday Someone Get Hacked , Today is your Day. Admin: Nice Security ,But Still Failed To Keep Us Out Of Your BOX,” reads the message posted by the hackers on the affected webpage.

We have contacted security researcher Shadab Siddiqui to get an expert opinion regarding the breach. He revealed that the site of Stanford University was full of security holes.

“A lot of subdomains are flawed and even the main Stanford domain contains an SQL Injection vulnerability which could allow someone to gain access to their user database,” Siddiqui said.

The expert identified a couple of SQL Injection vulnerabilities and some cross-site scripting vulnerabilities, and provided some screenshots to prove their existence.

The webmasters of Stanford University’s site have been provided with a proof of concept to demonstrate the existence of the SQL Injection and XSS flaws. We’ve also requested comment from them regarding the hacking incident, but so far they haven't responded.
