On September 9th, 2018, the official website of the Department of Education and Culture of Metro City was hacked and defaced by Xwizx404, a member of the Majalengka Security Hacker group. The hacker carried out the attack using a common vulnerability and claimed it was motivated by personal ambition.
Hacker Details:
- Hacker Name: Xwizx404
- Hacker Group: Majalengka Security Hacker
Website Details:
- URL: http://disdik.metrokota.go.id/
- System: Linux
- Web Server: Nginx
- IP Address: 192.185.142.185
- Location: United States
Incident Details:
- Date: September 9th, 2018, 12:07:19 (WIB)
- Proof of Concept: SQL Injection
- Reason: I just want to be the best defacer
- Archive Page: https://defacer.id/mirror/id/2406
- Cyber Attack Report’s Page: https://defacer.id/cyber-attack-report/2406
Summary:
The Department of Education and Culture of Metro City‘s website was defaced by Xwizx404, who exploited an SQL Injection vulnerability to access the server. This attack highlights the importance of securing web applications from common vulnerabilities.
Proof of Concept:
The defacement was executed via SQL Injection, a method that allowed the hacker to manipulate the website’s database and modify its content.
Reason:
The hacker, Xwizx404, stated that the attack was driven by a desire to be recognized as the “best defacer,” with no political or financial motivation.