August 14th, 2019 | Cybersecurity Daily
On August 14th, 2019, the Jepara City Licensing Office website, found at http://izin.jepara.go.id/afis.html, was compromised. The attacker, identified as ./MrTahuSumedang from the D704T group, exploited a Cross-Site Scripting (XSS) vulnerability to gain unauthorized access and deface the website.
Hacker Details:
- Hacker Name: ./MrTahuSumedang
- Hacker Group: D704T
Website Details:
- URL: http://izin.jepara.go.id/afis.html
- System: Linux
- Web Server: Nginx
- IP: 220.247.174.20
- Location: Indonesia
Incident Details:
- Date: August 14th, 2019 13:46:01 (WIB)
- Proof of Concept: Cross-Site Scripting (XSS)
- Reason: Not available
Archive Page: https://defacer.id/mirror/id/88399
Cyber Attack Report’s Page: https://defacer.id/cyber-attack-report/88399
The attacker used Cross-Site Scripting (XSS) to exploit the website. XSS vulnerabilities allow attackers to inject malicious scripts into web pages that are viewed by other users. This form of attack can lead to defacement and unauthorized changes on the affected site.
The reason for this attack was not disclosed by the hacker, leaving the motive unclear. However, such attacks often aim to exploit system weaknesses for either demonstration or malicious purposes.