A hacker claims to have gained full access to the website of the British Royal Navy and the underlying database through an SQL injection attack.
In a blog, TinKode claims that the compromise of www.royalnavy.mod.uk happened on November 5 at 22:55.
The hacker mentions that the attack vector was SQL injection, but fortunately, he doesn’t publicly disclose the vulnerable URL.
He does, however, link to a file hosted on pastebin.com, which contains sensitive information gathered from the Royal Navy Web server and database.
This includes a copy of the /etc/passwd file, a listing of MySQL databases, as well as the tables for some of them.
For the “globalops” database, which we assume corresponds to the “Global Operations” section of the website, TinKode lists the contents of the “admin_users” table. This includes the administrative accounts and their corresponding password hashes.
The hacker even cracked the hashed password for the user called “admin” and posted it in plain text. Suffice it to say that it’s ridiculously simple and in no way appropriate for a military website.
Furthermore, he also posted usernames and hashed passwords for the site’s “Jack Speak” blogs section, which appears to be running WordPress. We have alerted the Royal Navy Web team, but have yet to receive a reply. Meanwhile, the website remains online.
SQL injection is a type of vulnerability that stems from a failure to properly sanitize user input. It allows attackers to execute rogue database queries by manipulating the vulnerable URL.
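To make that concrete, here is an added illustration (not from the original report or from the affected site's code) that puts a query built by string concatenation beside its parameterized form, using a constructed in-memory SQLite database. The `news` table, the function names and all sample values are assumptions; only the `admin_users` table name comes from the article.

```python
import sqlite3

def make_db():
    # Constructed sample data: table names echo the article, contents are invented.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE admin_users (username TEXT, password_hash TEXT);
        INSERT INTO news VALUES (1, 'Fleet update'), (2, 'Open day');
        INSERT INTO admin_users VALUES ('admin', 'HASH-PLACEHOLDER');
    """)
    return db

def title_vulnerable(db, news_id):
    # Weak: the URL parameter is pasted into the SQL text, so the database
    # parses whatever it contains as part of the statement.
    sql = "SELECT title FROM news WHERE id = " + news_id
    return [row[0] for row in db.execute(sql)]

def title_hardened(db, news_id):
    # Corrected: reject anything that is not a plain integer, then bind it as a
    # parameter so the value can never alter the statement's structure.
    if not (news_id.isascii() and news_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT title FROM news WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(news_id),))]

# Constructed tampered value of the kind the paragraph describes.
TAMPERED = "0 UNION SELECT password_hash FROM admin_users"

if __name__ == "__main__":
    db = make_db()
    print(title_vulnerable(db, "1"))       # normal request
    print(title_vulnerable(db, TAMPERED))  # leaks a row from admin_users
    print(title_hardened(db, "1"))         # normal request still works
    try:
        title_hardened(db, TAMPERED)
    except ValueError as exc:
        print("rejected:", exc)
```

The concatenated query returns a row from `admin_users` because the parameter was parsed as SQL, while the hardened version rejects the same value before it reaches the database.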
TinKode previously disclosed similar vulnerabilities on NASA and U.S. Army websites. At the end of October he announced compromises on websites belonging to the U.S. Army 470th MI Brigade, the U.S. Army Civil Affairs & Psychological Operations Command and the National Weather Service.