Earlier today, “Shawty Boy” of Pryzraky announced a hack of the website belonging to the City Council of Rio de Janeiro, Brazil, managing to leak the credentials belonging to dozens of site administrators online. In a press release dated December 6th 2018, Shawty Boy explains how the Council website was vulnerable to SQL Injection, allowing him to gain administrator-level access to the website back end – though the specific URL affected was not disclosed. The leak featured below exposes the account username, email address and password for 34 website users/administrators, providing access to 58 site databases containing thousands of records.
Interestingly enough, browsing through the contents of the leak, it appears as though this was not the first time this particular website has been hacked. I say this because under one of the exposed databases I found a username and data table belonging to a different Anonymous hacker that I used to do business with in the past. For the purposes of this article, I am choosing to keep their name “redacted.” In a conversation with a member of Pryzraky, they claim to have no knowledge of the Anonymous hacker implicated, indicating that this hacker must have hacked the website and set up an account tied to the back end of the City Council website at some point in the past, essentially serving as a de facto “Worm” to access the website at any time they want in the future – lulz. Perhaps it goes without saying, but I think the IT director for Rio de Janeiro should officially consider himself fired.
Website Affected: hxxp://camara.rj.gov.br
Raw Leak: https://ghostbin.com/paste/ugmbz/raw