Social Connect is an application designed to help Facebook members worldwide better connect with each other. Lulzcart, a member of the Anonymous community in Romania, proved that the app contains a dangerous vulnerability that could allow cybercriminals to perform malicious tasks.
Lulzcart put hacktivism aside for a moment and revealed the vulnerability to prove that Romanian hackers are highly capable, not only when it comes to defacing sites and leaking databases to unmask corrupt organizations, but also for things that help the everyday user stay safe online.
He provided a proof-of-concept to show that an SQL Injection security hole exists and that a lot of Facebook users may be exposed because of its presence.
Similar flaws were previously reported by Vulnerability Lab experts and the hacker wanted to show that Romanians are just as skilled as others.
“Social Connect app is a fail. I published this to prove that those who say Romanians don’t know anything are wrong,” he said.
We have contacted Social Connect and sent them a screenshot which demonstrates the existence of the weakness that could permit a remote attacker to execute his own SQL commands and maybe even compromise the webserver.
This post will be updated as soon as they respond to our inquiry.
While this time Lulzcart acted as a white hat for the good of the community, in previous situations he and his fellow hacktivists have been known to cause some serious damage to government institutions in Romania.
Their latest targets include the International Monetary Fund, an association that handles the interests of retired military members, along with a dozen city hall and police sites.
They also defaced the official website of DIICOT, the country’s anti-terrorist organization, after the authorities made public the fact that they are pursuing the hackers.