
Philippines' Dept. of Labor Site's Vulnerability Could Also Affect Microsoft

there have been recent reports that the Philippines' Department of Labor and Employment (DOLE) web site is prone to hacking, which could also provide a possible entry point for hacking Microsoft.com.

an anonymous public post was made last june 22, detailing this vulnerability:


1. 2 Sites Hosted On 125.5.39.135 :
2. Microsoft.com & dole.gov.ph !
3. now dole.gov.ph is vulnerable To SQL Injection : DB_name : dolews_4a351sd
4. But it Seems More Secured Than i ever Saw !!
5. By "No.One"

The Hacker News (THN), in an example, proves the site's flaw using SQL injection (e.g. by accessing 'http://www.dole.gov.ph/secondpage.php?id=2113'). since the hacker knows the site's database, they can easily upload malicious scripts to the server. what's worse, reverse IP domain checking found that DOLE's IP is hosted on the same web server as that of Microsoft, hence the DOLE site's lack of security could be a back door to other sites, such as that of Microsoft.

calling on the designers and developers of the DOLE site, Nollie R., Patrick R., Lucky S., and Timothy S., to please address this security concern, ASAP!
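
The class of flaw reported for the `id` parameter of secondpage.php, shown beside its fix. This is an added example, not code from the DOLE site, THN or the original post; the `pages` table, its columns and both function names are hypothetical, and the data is a constructed in-memory SQLite table so the script runs offline.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// site's real schema, which the post does not show. Table and column
// names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO pages VALUES (2113, 'Labor advisory'), (2114, 'Draft, unpublished')");

// Vulnerable pattern: the id parameter is pasted into the SQL text, so
// anything after the number is parsed as SQL rather than treated as data.
function fetch_page_unsafe(PDO $pdo, string $id): array {
    return $pdo->query("SELECT id, title FROM pages WHERE id = $id")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject non-integers up front, then bind the value so
// the driver never interprets it as part of the statement.
function fetch_page_safe(PDO $pdo, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];   // caller should answer 400/404, not echo a DB error
    }
    $stmt = $pdo->prepare('SELECT id, title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and one with SQL appended to it.
foreach (['2113', '2113 OR 1=1'] as $id) {
    printf("id=%-12s unsafe=%d row(s)  safe=%d row(s)\n",
        "'$id'", count(fetch_page_unsafe($pdo, $id)), count(fetch_page_safe($pdo, $id)));
}
```

The unsafe function returns every row for the second input because the appended text changes the query's WHERE clause; the safe function returns nothing for it because the value fails integer validation before it reaches the database.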

