Last updated: May 13, 2014 at 06:15 UTC Created: 1 year, 9 months ago
"Come, step over the threshold; welcome to my humble home."
Hola, amigo. You are on my personal homepage on teh interweb. This website is several things, but in short, it is a personal homepage; so expect to find many of the things you would find on other personal homepages. It serves as an outlet for me to express ideas and attempt to communicate with others. Such ideas may be expressed either to inform, inspire debate, or merely to intrigue. The contents vary from thoughts of an African programmer to just about anything. It is not always straight and engrossing. It is not always about programming or even computers and their usage. However, there is constantly enough variation to keep it going.
I do not write on any particular schedule or definite range of topics. I look at this site as a log of my experiences, observations, and reflections. The articles on this site have gone through some form of evolution since I started writing and I only see future ones being better. I don't claim to know everything nor do I see myself as a teacher, mentor, or a counselor to my readers—who are often smarter than I am; I write to learn. For this reason, read every article with a pinch of salt, because whatever I write is only as I had known it at the time and therefore does not necessarily reflect my current thoughts (which change more often than I'd like to admit).
The opinions expressed on this website are entirely my own. They do not represent the strategy, plans, or thoughts of my employer, family, friends, religion, or even those of my beautiful future wife. You may post whatever comment you like; I won't edit the contents or attribution of any of them. However, I reserve the right to delete any comment I reason to be spam, off-topic, or of absolutely no value. As I write about what I want, when I want, however I want, there is a reasonably good chance that at some point what I'll write may upset, offend or annoy you. The longer you read the contents on this site, the more likely this becomes.
Jobs.com.gh is a Ghanaian job portal launched in 2013 by Ringier Ghana, a subsidiary of the Swiss multinational media enterprise Ringier AG. The website lists job vacancies on a daily basis and claims to be "Ghana's number 1 jobs portal." In this third case study of the Exploit Chronicles campaign, we are putting Jobs.com.gh on the radar. One distinguishing feature of this case study, however, is the absence of an SQL injection vulnerability. For the first time, we are exploiting a logical flaw in the design, implementation, and functioning of an application.
The Bank of Ghana (BoG) is the central bank of Ghana. It was formally established on 4th March, 1957, two days before the declaration of Ghana's independence. In 2012, one Romanian gray-hat hacker compromised the systems of several African banks, most of them Ghanaian, including those of SG-SSB, UT Bank, and Fidelity Bank. But it seems not every bank learned a lesson from those incidents. So in this case study of Exploit Chronicles, we are exploiting an SQL injection vulnerability in BoG's website to install a backdoor onto the web server.
Trilion IT Services is a small website development and web hosting reseller company based in Ghana, situated at Community 12 in Tema. The company develops and maintains a content management system called Trilion CMS. The software has been installed for at least a dozen of its clients to manage their websites, spanning from simple company websites to complex web directories. In this case study of Exploit Chronicles, we are looking at how to exploit an SQL injection vulnerability in this web software to gain administrative privileges.