@D4RKCR1PT3R announced an hour ago that he has breached the Federal Receipt, Federal Police, Ministry of Justice and Ministry of Defense.
— D4RKCR1PT3R (@D4RKCR1PT3R) January 1, 2013
D4RKCR1PT3R dumped the info in a Pastebin post wishing everyone a happy new year. He also included a couple pictures with proof of the hacks. The site URLs that where exploited include: www.receita.fazenda.gov.br, portal.mj.gov.br, webmail.dpf.gov.br and www.defesa.gov.br.
You can view the full Pastebin post below:
Thanks: inj3ct0r team members, nbdu1nder. 0x01 - Federal Receipt Link: http://www.receita.fazenda.gov.br/scripts/srf/enderecos/endereco.asp?unidade=8000023 Vulnerability: SQL INJECTION Print: http://i.imgur.com/wkjJa.png 0x02 - Ministry of Justice Link: http://portal.mj.gov.br/conade/doc_legis.asp?id=2 Vulnerability: SQL INJECTION Print: http://i.imgur.com/ehJ6M.png 0x03 - Federal Police Link: https://webmail.dpf.gov.br/phpgwapi/templates/serpro/help.php?lang=pt-BR Vulnerability: SQL INJECTION Print: http://i.imgur.com/e62zJ.png 0x04 - Ministry Of Defense Link: https://www.defesa.gov.br/index.php?option=com_users&view=registration Vulnerability: Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges