A hacker with twitter handle QuisterTow has claimed to have identified a Sql injection vulnerability in one of the China Government website.
enghunan.gov.cn is official website for Hunan, a province of the People's Republic of China, located in the south-central part of the country to the south of the middle reaches of the Yangtze River and south of Lake Dongting .
The hacker dumped the database in pastebin(pastebin.com/nH2PUFZC) . He also leaked poc code that will exploit the vulnerability and display the database.
The leaked data contains table names, user id, username and hashed password. The hacker also cracked the hash and posted in that paste. And we noticed that the admin is using very simple password "admin123" .
