an anonymous public post was made last june 22, detailing this vulnerability:
1. 2 Sites Hosted On 126.96.36.199 :
2. Microsoft.com & dole.gov.ph !
3. now dole.gov.ph is vulnerable To SQL Injection : DB_name : dolews_4a351sd
4. But it Seems More Secured Than i ever Sow !!
5. By "No.One"
The Hacker News (THN) in an example, proves the site's flaw using SQL Injection (e.g. access 'http://www.dole.gov.ph/secondpage.php?id=2113'). since the hacker knows the site's database, they can easily upload malicious scripts to the server. what's worse is, using reverse IP domain checking, it was found that DOLE's IP is hosted on the same web server as that of Microsoft, hence DOLE's (site) lack of security could be a back door to access other sites such that of Microsoft.
calling on the designers and developers of the DOLE site Nollie R., Patrick R., Lucky S., and Timothy S. to please address this security concern, ASAP!
Labels: DOLE, microsoft, SQL Injection