MS Dhoni, the captain Indian Cricket Team, Official website has been hacked and defaced by Bangladeshi Hacker group called as "United Bangladeshi Hackers".
The defacement was first discovered and reported by the Techgator .
Hackers didn't deface the home page. They just managed to have uploaded a text file named "bd.txt" in the "Uploadedfiles" directory ("http://www.dhoniworld.com/uploadedfiles/bd.txt").
We are not sure how hackers managed to hack the website whether they have admin access or just some "Unrestricted File Upload" vulnerability.
"Hacked By Black Tiger From United Bangladeshi Hackers.Stop Abusing Our Test Cricket.Don't Try To Play With Fire. We Are Bangladeshi Hackers. Mind It!" The defacement left in the page reads.
After checking the Uploadedfiles directory, we came to know that this is not the first time the website being hacked by hackers. Several other hacker group also managed to upload a text as well as image files. It appears hackers also attempt to upload C99 backdoor shell.
*Update: Nope, It is not hacked
One of EHN reader Sri Ram Shyam contacted me and provide more info how hackers managed to upload the files.
It is neither "unrestricted file upload" nor any other vulnerability. The form itself allows to upload only image/text files. I believe it is not harmful for the website in anyway.
