Earlier today, I posted a breach involving the University of Sydney.
As an update, DataBreaches.net can now report that the breach was the work of Abdilo, who has made a point of going after universities (as other posts on this site have demonstrated). Abdilo had dropped hints about an Orsee 0day previously. Today, however, he made it clear that this was his attack, both tweeting about it and posting this on Pastebin:
notice my hint:
#or can you see it?
#That is the question#OR can you SEE it
orsee[remainder of paste redacted by DataBreaches.net so as not to provide others with directions for compromising sites]
Note that the University of Sydney was one of the educational institutions Abdilo had noted was vulnerable to exploiting an Orsee vulnerability in a post he made to Pastebin on February 2, although at the time, he didn’t name Orsee. Because his claims have now been confirmed by one of his targets, DataBreaches.net is publishing his list of vulnerable institutions and organizations in the hopes that they will investigate, determine whether they have been hacked through Orsee, and secure or disable the application:
uq.edu.au
columbia.edu
usyd.edu.au
upf.edu
vcu.edu
williams.edu
monash.edu.au
uji.es
hu-berlin.de
exeter.ac.uk
mcmaster.ca
ubc.ca
waikato.ac.nz
uwa.edu.au
ohio-state.edu
handles.gu.se
iwm-kmrc.de
purdue.edu
lancs.ac.uk
uni-erlangen.de
luiss.it
unimib.it
purdue.edu
univ-montp1.fr
uw.edu.pl
pless.cz x
inscripcions.org
uni-oldenburg.de
141.89.97.231
idecisions.org
uni-mannheim.e
If your university isn’t on the list, don’t breathe a sigh of relief too quickly. Check out this larger list of universities Abdilo claims to have hacked via SQLi.