Search This Blog

Powered by Blogger.

Blog Archive

Labels

Critical Sql Injection vulnerability in Punjab and Sind Bank website

An Information Security Expert Narendra Bhati has discovered a critical SQL Injection vulnerability in the Punjab and Sind Bank website(psbindia.com).
 
An Information Security Expert Narendra Bhati has discovered a critical SQL Injection vulnerability in the Punjab and Sind Bank website(psbindia.com).

Punjab & Sind Bank (P&SB) is a major Public Sector bank in Northern India. Of its more than 1100 branches and offices spread throughout India, almost 450 are in Punjab state, though the bank's corporate headquarters is in New Delhi.

The researcher provided the vulnerable link in an email sent to EHN. As i considered the vulnerability is highly critical one, i am not going to provide the vulnerable link here.


The researcher provided the poc code that allows attackers to extract the username, hashed password, address details stored in the Bank Database.

The researcher also found that the same link is vulnerable to Cross site scripting (XSS) injection. It allows hackers to inject iframe and execute in the site.
Share it:

Breaking News

hacker news

SQL Injection Vulnerability

Vulnerability

XSS Vulnerability