SA government website taken down by hackers

Sonic2k

Executive Member
Joined
Feb 7, 2011
Messages
7,641
Bwhahahahaha... got your ass pwned there cANCer....
“We are looking into it,”
Well you're going to have to look into it a HELL OF A LOT HARDER. Your stupidity doesn't help either...
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
I saw this a few months ago this error. I wanted to report it but after what happened to you i decided otherwise.
Yeah, prison interwebs FTW :whistling:

For educational purposes, any government IT agency/service provider should read this: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

FWIW - reflected and stored XSS are the most common issues across websites and even a billion rand online shop is not safe from this. Most people are ignorant about this and argue "well, you can not do anything with it", but the true issue is that hackers will construct stored/reflected XSS phishing/social engineering attacks and before you know it, they will have access to your online shopping account and it honestly does not take a lot :whistling: to fix it.
 
Last edited:

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,473
Yeah, prison interwebs FTW :whistling:

For educational purposes, any government IT agency/service provider should read this: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

FWIW - reflected and stored XSS are the most common issues across websites and even a billion rand online shop is not safe from this. Most people are ignorant about this and argue "well, you can not do anything with it", but the true issue is that hackers will construct stored/reflected XSS phishing/social engineering attacks and before you know it, they will have access to your online shopping account and it honestly does not take a lot :whistling: to fix it.
People underestimate the power of XSS it can do some really nasty things. Google has crawled some very interesting databases,emails, usernames and passwords (some hashed some not) of a few local government websites.
 

MagicDude4Eva

Banned
Joined
Apr 2, 2008
Messages
6,479
People underestimate the power of XSS it can do some really nasty things. Google has crawled some very interesting databases,emails, usernames and passwords (some hashed some not) of a few local government websites.
I saw those too. Informed SITA and they couldn't give a sh*t and then asked Google for removals, only to find that same results then appeared on Yandex. One can only try and help so much. FWIW - half of SITA is still running on a massive botnet, but that is really their battle to fight as they could not even bother to acknowledge my mail from last year (and the botnet is still going)
 
Top