How Anonymous hacked over 200 South African websites

According to the call centre, the servers breached are older and contain legacy websites that clients won’t upgrade. This has caused the servers to get outdated and become vulnerable.

Well at least they admitted they knew they would be vulnerable.
 
You can have the most secure server in the world, but if your hosting client runs insecure software like a vulnerable Wordpress installation, for example, then there's nothing you can do to prevent it. It's like blaming your security company for a break-in when you leave your alarm off and your keys in the lock.
 
So what vulnerability was exploited?

I am sure its a SQL injection. There is a SQL injection on one of WebAfrica's client that shows all the data on the shared SQL cluster. After the whole COJ incident I am too scared to disclose.
 
I am sure its a SQL injection. There is a SQL injection on one of WebAfrica's client that shows all the data on the shared SQL cluster. After the whole COJ incident I am too scared to disclose.

Coj?
 
What is the COJ incident?

If I remember correctly when you looked at your invoice on their website it had the invoice number as a parameter in the url. But there was no checking in the code to check that the currently logged in user had permission to view the invoice, so you could easily look at other people's invoices by just changing the invoice number in the url. Classic amateur mistake.
 
Top
Sign up to the MyBroadband newsletter