



Harvard's Carr Center for Human Rights Policy website ( www.hks.harvard.edu/cchrp/ ) was hacked last week and then silently fixed by the administrator without giving Reply/Credit to the Whitehat Hacker who reported the vulnerability. The Hack incident was performed in 3 Phases as described below:A Hacker , with nickname "posted a few sql injection vulnerable Educational sites on a famous Hacking Forum last week which included the SQLi vulnerable link for the Harvard Carr Center for Human Rights Policy website, as you can see in the list in the above screenshot taken by me.: Almost 100's of Hackers have seen the post from "" and they got some juicy information for their next targets. One of them named, "" successfully exploit the Harvard's site and extracted the database onto his computer. He Found the username and Password from the table and tried to login on the Admin access panel location. Yes, he was logged in with password "". We have confirmed the User:Password validity before posting this news and below is the screenshot posted by the Hackers. For security reasons we are not disclosing any databases or usernames, but why are we disclosing the password ? It's because, using a three character password by the administration of one of the biggest universities makes me do so. I think even a brute force tool will take half second to crack such a weak password.