14 databases belonging to the HBL bank posted online by the hacker with database names and tables. Error based SQL Injection was found by the hacker on the website with vulnerable file search_results_carbranch.php. The hacker exploited the vulnerability with mysql Union Query method and accessed the databases of the website, according to the leaked document.
This is not the first time Xploiter hacked the banking System, before Soneri Bank was hacked by the same hacker.
A list of login credentials also posted in the document, containing username, plain password and emails. Its really pathetic that Bank stored the passwords in the plain text which shows HBL security level. HBL really needs to take a look at its security to protect it from these kind of attacks.
The hacker mocked at the HBL website security by saying it took 17 minutes to get into HBL system. Complete note can be found below.
A note left by the hacker on the leaked document:
You must have listen about us in news , blogs , headlines , gov charges etc. etc. What I See, Same Like Soneri Bank , HBL is in Untelanted Hands ! Just 17 minutes and We are Inside HBL’s Database lol. Your are just hiring noobs with Degree
Pingback: Andhra Pradesh Grameena Vikas Bank, India Hacked by Xploiters Crew - The Hackers Post()
Pingback: Exclusive Interview with Xploiter from Pakbugs - The Hackers Post()
Pingback: NADRA E-Sahulat Official Website hacked By Xploiter Crew - The Hackers Post()
Pingback: NADRA E-Sahulat Official Website hacked By Xploiter Crew | HOME - - www.insecurenews.com()
Pingback: Free Online Translator Website Translate.com gets hacked by Xploiters Crew - The Hackers Post()