The website Integriteitoverheid.nl it appears to be susceptible to sql injection. This allowed the entire database to be read, which usernames and passwords were accessible. A variety of passwords were in plain text stored.
The website Integriteitoverheid.nl is in the hands of the integrity Office Public Sector. This government agency is founded to the public domain to stimulate and support the development and implementation of integrity policy’. According to the website of their own work there are eight people in the organization.
Tweakers.net received from hackers Thaxdevil and Goo, however, the tip that the website of the BIOS in the area of integrity is not high eyes throw. Via sql injection turned out to be the database of the entire web site accessible. The database contains, among other things, the nieuwsbriefadministratie and a table with user data. Salient detail is that the passwords in this table in plain text, are saved and, on an adaptation of o in 0 and i 1, are identical to the username.
Now is the leak in the site poem, confirms a spokeswoman of the organization towards Tweakers.net. The office also takes other parts of the site under the microscope to ensure that there are no vulnerabilities has been overlooked.
Update 15.20 – The website is now completely offline to be achieved. Is possible that not all sql vulnerabilities were fixed, such as in the reactions by various tweakers is experienced.