Tuesday, October 17, 2017
Home / Security / Breaches / @D4RKCR1PT3R discovered exploits on 4 Government sites

@D4RKCR1PT3R discovered exploits on 4 Government sites

@D4RKCR1PT3R announced an hour ago that he has breached the Federal Receipt, Federal Police, Ministry of Justice and Ministry of Defense.

D4RKCR1PT3R dumped the info in a Pastebin post wishing everyone a happy new year.  He also included a couple pictures with proof of the hacks.  The site URLs that where exploited include: www.receita.fazenda.gov.brportal.mj.gov.brwebmail.dpf.gov.br and www.defesa.gov.br.

You can view the full Pastebin post below:

Thanks: inj3ct0r team members, nbdu1nder.
0x01 - Federal Receipt
Link: http://www.receita.fazenda.gov.br/scripts/srf/enderecos/endereco.asp?unidade=8000023
Vulnerability: SQL INJECTION
Print: http://i.imgur.com/wkjJa.png
 0x02 - Ministry of Justice
Link: http://portal.mj.gov.br/conade/doc_legis.asp?id=2
Vulnerability: SQL INJECTION
Print: http://i.imgur.com/ehJ6M.png
 0x03 - Federal Police
Link: https://webmail.dpf.gov.br/phpgwapi/templates/serpro/help.php?lang=pt-BR
Vulnerability: SQL INJECTION
Print: http://i.imgur.com/e62zJ.png
 0x04 - Ministry Of Defense
Link: https://www.defesa.gov.br/index.php?option=com_users&view=registration
Vulnerability: Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Top Massachusetts hospital suffers a data breach

One of the United State’s leading hospitals, Massachusetts General (MGH), has fallen victim to a …