The National Weather Service has been hacked by the Kosova Hacker’s security group, leading to sensitive server information being leaked. The group managed to hack into the server using a Local File Inclusion (LFI) vulnerability in the weather.gov website.
As the name denotes, Local File Inclusion (LFI) is the process of including a file or files through a modified special HTTP request. It can be easily exploited using a web browser, which results in the execution of arbitrary script code with target web-server privileges. The vulnerability, which can be combined with Directory Traversal attacks, exists due to data not being properly sanitized, which allows an attacker to inject directory traversal characters into the include function.
The sensitive information released by the hacking group includes directory structures, sensitive files of the target web server, and exported data such as from the ‘passwd’ file. The information exposed from the ‘passwd’ file puts the web server in danger since that information can be used by attackers to invade simply by making a console logging.
The hacker group stated that the attack is a protest against the US Policies that target Muslim countries. Moreover, the attack was a payback for hacker attacks against nuclear plants in Muslim countries, according to a member of the hacking group who said, "They hack our nuclear plants using STUXNET and FLAME like malwares, they are bombing us 27*7, we can't sit silent - hack to payback them."
Later on, a Cross Site Scripting (XSS) vulnerability was also reported regarding the weather.gov website.
Once again, improper sanitization of data injected into a website has led to the invasion and hack of a web server. Hackers will use any web application vulnerability to invade and compromise target web servers. Ensure your website is not vulnerable to security vulnerabilities by downloading the trial of Acunetix Web Vulnerability Scanner.