The Hacker group called as 'The Wiki Boat Brazil' has discovered three critical vulnerabilities in the official websites of U.S Department of Transportation(dot.gov).
Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request to the server.
The site found to be vulnerable to Cross-site request forgery(CSRF) attack. The hackers provided us the POC for the CSRF attack. This vulnerability allows attackers CSRF to change user to admin , if admin user click the specially-crafted link .
They've also discovered SQL Injection vulnerability in the ITS Deployment Statistics sub domain of U.S. Department of Transportation (www.itsdeployment.its.dot.gov).
Environmental Review Toolkit page(www.environment.fhwa.dot.gov) vulnerable to Non-persistent Cross site scripting(XSS) attack.
They've also leaked some data compromised from Federal Highway Administration(www.fhwa.dot.gov).
Few days back, they have attacked the Ministry of Finance and Federal Police sites in Brazil.
The details can be found here:
http://thewikiboatbrazil.com.br/DOT
