Philippines’ Dept. of Labor Site’s Vulnerability Could Also Affect Microsoft
there had been recent reports that Philippines’ Department of Labor and Employment (DOLE) web site is prone to hacking, which could also lead to a possible entry to hack Microsoft.com.
an anonymous public post was made last june 22, detailing this vulnerability:
1. 2 Sites Hosted On 18.104.22.168 :
2. Microsoft.com & dole.gov.ph !
3. now dole.gov.ph is vulnerable To SQL Injection : DB_name : dolews_4a351sd
4. But it Seems More Secured Than i ever Sow !!
5. By “No.One”
The Hacker News (THN) in an example, proves the site’s flaw using SQL Injection (e.g. access ‘http://www.dole.gov.ph/secondpage.php?id=2113’). since the hacker knows the site’s database, they can easily upload malicious scripts to the server. what’s worse is, using reverse IP domain checking, it was found that DOLE’s IP is hosted on the same web server as that of Microsoft, hence DOLE’s (site) lack of security could be a back door to access other sites such that of Microsoft.
calling on the designers and developers of the DOLE site Nollie R., Patrick R., Lucky S., and Timothy S. to please address this security concern, ASAP!
see more [thehackernews.com]