Breaking News: The suspects who killed two brothers for 30 Rs, killed in police encounter
Imran Khan's very aggressive tweet against Field Marshal General Asim Munir
Exclusive view: Lahore's Park View Society flooded with Ravi water
Ravi flood enters Lahore: Latest updates of flood situation in different cities
Visuals from Kartarpur as floodwater enters Kartarpur complex
Hamza Ali Abbasi speaks in support of Engineer Muhammad Ali Mirza over blasphemy allegations
Official website of Habib Bank Limited – the largest bank of Pakistan – yesterday got hacked, when a hacker called Xploiter hacked the website and leaked the databases of the website and posted credentials online.
Hacker said that it took him just 17 minutes to hack into the website.
The section that handles the online banking or Internet Banking of Habib Banking was not impacted with the hack. No customer data was compromised or leaked during the incident.
14 databases belonging to the official website of Habib Bank – relating to the generic information available on the website – were posted online with the names and tables.
While explaining the flaw in bank’s website, the hacker posted following in the leaked file:
Link:- www.HBL.Com > Error Based SQLi
File:- search_results_carbranch.php
Vulnerable Perameter:- branch_Alphabet
Method:- GET > MySQL Union Query
A list of login credentials were also posted in the online document, containing username, plain password and emails. Its strange that a bank stores password in plain language, revealing the security level of the bank.
Leaked information can be access here: https://pastebin.com/SMRPVYB6
Luckily, the Internet Banking section or customers’ data was not compromised, but considering the hack, it is high-time for the banks to increase their security levels.
Source: ProPakistani.pk
