In a recent ethical hacking engagement, a SQL injection vulnerability was uncovered on a Tamil Nadu government website. Exploiting it exposed sensitive user data, and weak passwords combined with poor security measures then allowed access to privileged accounts. The incident highlights the need for stronger security practices to mitigate such risks.
Key points:
- Discovered SQL injection vulnerability while testing a Tamil Nadu government website.
- Utilized SQLmap tool to exploit the vulnerability and extract data.
- Encountered a 500 Internal Server Error indicating potential SQL injection issues.
- Ran specific SQLmap commands revealing access to the database.
- Unearthed sensitive usernames and hashed passwords from the user database.
- Weak passwords allowed access to a superadmin account of the organization.
- Accessed Personally Identifiable Information (PII) from the database.
- Reported the vulnerability responsibly to CERT-In to prevent misuse.
- Emphasized the importance of secure coding practices and strong password enforcement.
- Shared knowledge strictly for educational purposes, warning against misuse of hacking commands.
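The defect class behind the finding, and the two controls the post recommends, are shown in the added example below. This is not code from the original post or from the affected site; it uses an in-memory SQLite database with constructed sample accounts (the hypothetical `superadmin` / `clerk` users and their passwords are made up for the demonstration). It contrasts a query built by string concatenation with a parameterized one, and adds salted password hashing plus a minimal password-policy check of the kind that would have stopped a weak superadmin password.

```python
"""Added example (not from the original post): SQL injection, vulnerable vs.
parameterized, with salted password storage and a password-policy check.
Runs offline against an in-memory SQLite database with constructed data."""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample accounts (hypothetical). The superadmin password is
# deliberately weak to illustrate the policy check below.
SAMPLE_USERS = [
    ("superadmin", "admin123"),
    ("clerk", "correct-horse-battery-staple-42"),
]

# Constructed short denylist; a real deployment would use a large breach list.
COMMON_PASSWORDS = {"admin123", "password", "123456", "admin", "welcome1"}


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt_hex$digest_hex'.
    Storing only a salted, slow hash means a leaked table is not a leaked password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def make_db() -> sqlite3.Connection:
    """Create the users table and load the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    for name, pw in SAMPLE_USERS:
        conn.execute("INSERT INTO users VALUES (?, ?)", (name, hash_password(pw)))
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """VULNERABLE: the username is spliced into the SQL text, so a crafted value
    changes the query's logic and can return every row (usernames and hashes)."""
    sql = f"SELECT username, pw_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """FIXED: a bound parameter is always treated as a literal value, never as SQL."""
    sql = "SELECT username, pw_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def password_policy_violations(password: str) -> List[str]:
    """Return the reasons a candidate password should be rejected (empty = OK)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password denylist")
    if not (any(c.isalpha() for c in password) and any(not c.isalpha() for c in password)):
        problems.append("must mix letters with digits or symbols")
    return problems


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # classic textbook input used only to show the contrast
    print("vulnerable rows:", len(find_user_vulnerable(db, tautology)))  # every account
    print("safe rows:", len(find_user_safe(db, tautology)))              # none
    for name, pw in SAMPLE_USERS:
        print(name, "policy violations:", password_policy_violations(pw))
```

The parameterized query is the fix for the injection itself; the hashing and policy functions address the second half of the finding, where hashes recovered from the database were weak enough to crack and reuse against a superadmin account. Both belong in the same change: a site that stops injection but keeps weak, unsalted credentials remains one bug away from the same outcome.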