Google News fooled and spammed by a hacked Hyderabad govt. website

Share This Post

[ad_1]

The hackers seem to have exploited a vulnerability in the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSS) website, ‘hyderabadwater.gov.in.’ [File]

The hackers seem to have exploited a vulnerability in the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSS) website, ‘hyderabadwater.gov.in.’ [File]
| Photo Credit: Google News

Google News algorithm was fooled and spammed on Friday (November 8, 2024) by a hacked Telangana government website. The hackers seem to have exploited a vulnerability in the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSSB) website, ‘hyderabadwater.gov.in.’ The website is used by Hyderabad residents to pay their water bills online.

It is unclear when the hack itself happened, but promotional links on betting, online rummy, and casinos began trending up on Google News under the latest news tab in the technology section earlier today. With an exception of one sub-section that highlighted Garena Free Fire MAX redeem codes, most other links were from HMWSSB, promoting gambling. The links were redirecting users to an online betting platform, betwww20.com.

This type of attack occurs when a hacker exploits vulnerabilities in a website’s database query system by injecting malicious SQL code

This type of attack occurs when a hacker exploits vulnerabilities in a website’s database query system by injecting malicious SQL code
| Photo Credit:
Google News

The hack reveals the vulnerability in both HMWSSB’s website and Google News’s algorithm. While the method of the attack could not be verified, it looks like a Structured Query Language Injection (SQLi) attack — a common website hacking technique.

This type of attack occurs when a hacker exploits vulnerabilities in a website’s database query system by injecting malicious SQL code into web forms, URL parameters, or other input fields. This is possible when the website fails to properly validate or sanitise user input before using it in SQL queries.

The spam links were redirecting users to an online betting platform, betwww20.com.

The spam links were redirecting users to an online betting platform, betwww20.com.
| Photo Credit:
Google News

SQLi can be used to delete or modify information in the database, or to extract sensitive data like usernames, passwords, and credit card details. Attackers could also inject malicious code to further compromise the website or server.

Hackers often use automated tools to scan and attack large numbers of websites. These tools can try different variations of SQL injection payloads on forms, URLs, and other input fields until they find one that works.

[ad_2]

Source link

spot_img

Related Posts

WitchSpin Casino’s Magical Theme: A Unique Gaming Experience

Online casinos today are not just about winning money....

Norwegian Tourists’ Favorite Online Gaming Destinations for Vacation

As the world becomes increasingly interconnected, many Norwegian tourists...

Non-Disclosure Agreement for Franchise Opportunity Discussions

When discussing franchise opportunities, both the franchisor and potential...

ZF 8HP50 Vaidmuo Hibridiniuose ir Elektriniuose Automobiliuose

ZF 8HP50 yra pažangiausia aštuonių pavarų automatinė transmisija, kuri...

Dating Men in Their 30s: What Changes and What Stays the Same

Navigating the world of relationships can be a unique...

The Calorie-a-Day Strategy: Balancing Nutrition and Weight Loss

When it comes to weight loss, the approach to...
spot_img