Yet another Philippine government website was found vulnerable to hackers, with a hacker posting the flaw online Wednesday night.
The hacker, identified only as "No.One," said the site of the Department of Labor and Employment (DOLE) shares the same "host" as Microsoft.com but is vulnerable.
"Now dole.gov.ph is vulnerable To SQL Injection," the hacker "No.One" said in a post on Pastebin.com, adding that the DOLE and Microsoft websites share the same remote address.
Worse, another hacker site said the DOLE may be used as a stepping stone to attack a secure website that shares the DOLE's host server: Microsoft.com.
An "analysis" on The Hacker News hinted that the vulnerability in the DOLE site may be used to get root access on the shared server.
"Now We know that Microsoft.com is Secure site, Lets See another site of same host: http://www.dole.gov.ph/ ... Is it vulnerable? Yes!" it said.
It said a hacker can gain access to the DOLE site via SQL injection and get the database from the site - or upload data to it.
"This Attack may lead to rooting of 125.5.39.135 Server, Which also host Microsoft.com,' the target site. Hackers may be able to deface the site or can steal source code too," the Hacker News article said. — TJD