Search This Blog

Powered by Blogger.

Blog Archive

Labels

Tunisian hacker 'Human Mind Cracker' discovered SQLi vulnerability in Tunisian Bank sites

Grey Hat Hacker "Human Mind cracker" has discovered SQL Injection vulnerability in some Tunisian Bank websites.
XSS in Bank sites

A Grey Hat Hacker with online handle "Human Mind cracker" has discovered SQL Injection vulnerability in some Tunisian Bank websites. Central Bank of Tunisia(bct.gov.tn) and Bank of Tunisia and the UAE (bte.com.tn) are vulnerable to SQLi .

In an email sent to EHN , hacker provided us the vulnerable link and the Proof-of-Concept(POC). As he recommend us not to publish the vulnerable , we are not providing the link here.

According to hacker, he reported the vulnerability to them but they didn't fix the vulnerability so he hacked into the database.

He has published some database information compromised from the server that includes database name and few username.

Also, he has discovered Cross site scripting (XSS) vulnerability in Central Bank of Tunisia,atb.com.tn and Banque de Tunisie(bt.com.tn).

SQL Injection is one of the most critical vulnerability, as attacker can extract the entire database by exploiting it. Banks should really buff up their security measures ,as cyber criminals mainly target Financial institution. 
Share it:

Bank website hacked

Database hacked

hacker news

Human Mind Cracker

SQL Injection Vulnerability

tunisia banks hacked

Tunisian Hacker