Thursday, 4 August 2011

Timesofmoney Database Hacked using Sql Injection Vulnerability



General Information About the Vulnerability
This is again a critical vulnerability discovery made by zSecure Team in TimesofMoney website. The group claims that there exist a critical SQL Inejction Vulnerability in the timesofmoney's website using which an attacker can gain access to the site's entire database which contains the huge amount of customers confidential information. Even many indian banks are availing the service of the timesofmoney. This vulnerability may prove to be very critical for the company because TimesofMoney is India's one of the leaders in e-payment system. Existence of such a critical flaw in company's web may cause huge to the existing market reputation of the company concerned.

At the end of their advisory the zSecure Group left a small message which claims that they have discovered alike vulnerability in HDFC Bank's website and in coming days the group may come up with the public disclosure of the vulnerability in HDFC Bank's Website. Below are the note the zSecure Group left at the end of their advisory:
"We discovered alike vulnerability in HDFC Bank’s Website as well and issued them a similar advisory. But even after couple of weeks of sending our advisory to the bank, the said vulnerability is still open for outside attacks. If the said vulnerability doesn’t get fixed by the bank as an earliest then our next post may disclose that concerned vulnerability publically.We hope that both the companies (timesofmoney and HDFC Bank) will take immediate actions to fix the reported vulnerabilities."
Attack Type: SQL Injection Vulnerability
Database Type: Oracle Database 11g Enterprise Edition
Alert Level: High
Threats: Database Access, Database Dump, Possibility of shell uploading
Credit: zSecure Team    

About the Company
TimesofMoney is India’s leading digital payment service provider, and serves a varied client database. Spanning Indian and international clients, our offering includes specialized NRI services, India Money Transfers, Global Money Transfers, ePayments and Co-branded cards. Conceptualized and built to serve diverse communities, TimesofMoney’s services offer convenience, connectivity and flexibility across a global platform. The conglomerate continually strives to deliver the best to its clients, ensuring flexible service and meeting global standards.

Proof of Vulnerability:



Related Posts Plugin for WordPress, Blogger...
Back to TOP