Search This Blog

Powered by Blogger.

Blog Archive

Labels

KillCode hacks National Institutes of Health, found XSS in faa.gov,airforce.com

Hacker Killcode breached the National Institutes of Health website and leaked some data, discovered xss vulnerability in govt sites.

database leaked

A Hacker with a handle "KillCode" has contacted us with a link to dump.  It contains the data compromised from the subdomain 'IT Service Desk' of the National Institutes of Health website.(itservicedesk.nih.gov)

The leak contains 5208 account details that includes email address, login name, and encrypted password. The leak also contains some database name and table name details.
http://www.anonpaste.me/anonpaste2/index.php?6c66338fae0fc580#Q9fghIFzYmvj5roGLYk0LTSzU0E6F1897vQjYbUanUM=

At the time of press time, the hacked site is down.  It seems like the admin of the site is fixing the security flaw.


The hacker also discovered XSS Vulnerability in few high profile sites which includes Federal Aviation Authority (faa.gov) site, United States Air Force (airforce.com).

The proof of concept for the XSS Vulnerability can be found here:
http://www.anonpaste.me/anonpaste2/index.php?f66e175690c6e859#K7+wRJKOEyqudHgnaXWcobPZdySSxrd2mZxsp0NzFOQ=

http://www.anonpaste.me/anonpaste2/index.php?4ecd93394d6f7f5f#rq8lS4qTfDEkgp3VtR1ibqmCnqsHCX4mmPhwmH45KSI=

Share it:

Database Leaked

KillCode