DOH.GOV.PH PAWNED KAIZ3N-GHOST

Neil Mark Ochea
Apr 8, 2023

Disclaimer: The purpose of this research is to improve and strengthen security; all issues discovered in this research are reported to the security team. The researcher is not affiliated with any hacking groups. The researcher didn’t include the sensitive data in this write-up to reduce exposure to the vulnerability. The researcher follows the vulnerability disclosure policy.

On October 22, 2022, my friend Kurt Russelle Marmol stumbled upon a backdoor shell named Kaizen Ghost while using a Google dork on Google Search. He followed an error he found on the Department of Health website, which led him to the backdoor shell. Upon learning of the issue, I contacted another friend, Sir John Patrick Lita, to report the vulnerability to NCERT. However, NCERT did not respond to the report, so we decided to report the vulnerability directly to the Department of Health.

The Department of Health responded immediately to the report, and as of April 8, 2023, the vulnerability has been fully fixed. This incident highlights the importance of regularly checking websites for vulnerabilities and promptly reporting any discovered issues to the appropriate authorities. In this case, the group’s prompt action likely prevented the backdoor shell from being exploited by malicious actors, potentially compromising sensitive information. It also serves as a reminder that even large organizations can have vulnerabilities, and it is everyone’s responsibility to help keep the internet safe and secure.

It is important to note the seriousness of this type of vulnerability. Backdoor shells can allow unauthorized access to a website, potentially compromising sensitive information or allowing for malicious activity. It is crucial for website administrators to regularly check for vulnerabilities and promptly address any issues found. In this case, the quick action taken by the Department of Health helped to ensure the security of their website and the information it contained.

KAIZEN-GHOST BACKDOOR SHELL

Disclosure Timeline

  • October 22, 2022 — We reported the vulnerability issue to both NCERT and DOH.
  • April 8, 2023 — The vulnerability has been fully patched.

Thanks for reading this article. I hope you guys learned something new today.
Please share this article to spread the knowledge.

Don’t forget to follow and connect with me through LinkedIn and Twitter.
