A Pakistani hacker going with the handle of THADisasteR from The Hackers Army has hacked into the official website of Nepal’s supreme court (supremecourt.gov.np) along with two of its sub-domains (dcourt.gov.np) and (acourt.gov.np).
Anatomy of attack is still unknown. It seems like hacker found and exploited a SQL Injection vulnerability on the website and manage to get into server. But due to security measure, hacker not able to upload shell, then just fill the specific form with the hacked message
Hacked Sites:
- http://supremecourt.gov.np
- http://dcourt.gov.np
- http://acourt.gov.np
The website is still displaying The Hackers Army and F****D By THADisasteR message on the vulnerable link, however there was no proper defacement nor any deface page was uploaded.
Possible hacked page:
http://supremecourt.gov.np/library/admin/pop.php?d=catalog&f=title&mode=view&BookId=8698
Mirrors of the Hacked Websites:
- http://www.zone-h.org/mirror/id/19332063
- http://www.zone-h.org/mirror/id/19332069
- http://www.zone-h.org/mirror/id/19332076
At the time of publishing this article, all three websites were working online with the message displaying on their vulnerable URL.