On September 4th, 2018, the official website of Badan Kesatuan Bangsa dan Politik (Kesbangpol) Kabupaten Musi Banyuasin was defaced by a hacker identified as 6hosthere502, a member of the ManadoGhost hacking group. The attack underscores persistent vulnerabilities in local government websites. Below are further details regarding the incident.
Hacker Details:
- Hacker Name: 6hosthere502
- Hacker Group: ManadoGhost
Website Details:
- URL: http://kesbangpol.mubakab.go.id
- System: Linux
- Web Server: Apache
- IP Address: 153.92.9.212
- Location: Indonesia
Incident Details:
- Date: September 4th, 2018 20:47:35 (WIB)
- Proof of Concept: SQL Injection
- Reason: Heh…just for fun!
- Archive Page: https://defacer.id/mirror/id/1957
- Cyber Attack Report Page: https://defacer.id/cyber-attack-report/1957
Summary:
The Kesbangpol Kab. Musi Banyuasin website was hacked by 6hosthere502 of the ManadoGhost group, utilizing an SQL injection vulnerability. The defacement appears to have been conducted “just for fun,” demonstrating a lack of serious motive but exposing weaknesses in the website’s security.
Proof of Concept:
The attacker exploited the website using an SQL Injection vulnerability, which involves inserting malicious SQL queries into an input field, potentially gaining unauthorized access to the website’s database.
Reason:
The hacker gave no serious reason for the attack, claiming it was done purely for amusement. This mirrors a trend in low-stakes website defacements that exploit weak security measures.