Update: We just received an official reply from Avijit Nanda, Official Spokesperson of TimesofMoney who says, “The screen shots shown in the article alleging stating vulnerability of our site do not prove that there has been a breach of data security, or any loss of customer data. It remains to be seen how the screen shots have been derived.

We are protected against any kind of network penetration due to stringent policies followed. Nevertheless, post receipt of this information, we have once again tested our infrastructure for the named vulnerability, and have seen no evidence of breach.

Our data remains secure and our customer transactions are functioning normally.”

TimesofMoney, India’s leading digital payment service provider belonging to Times Group Company is vulnerable to a hack attack and could face one if not rectified in time. A group called zSecure Team has warned the ePayment provider of a critical SQL Injection Vulnerability existing in their website. According to a report by The Hacker News, zSecure claims that this is a very critical vulnerability and if exploited, an attacker could gain access to the website’s entire database containing huge amounts of confidential data of the customers.

The database list

The number of tables in the database

zSecure also claims that a similar SQL Injection Vulnerability exists in the website of India’s HDFC Bank. They have left a message saying, “We discovered alike vulnerability in HDFC Bank’s Website as well and issued them a similar advisory. But even after couple of weeks of sending our advisory to the bank, the said vulnerability is still open for outside attacks. If the said vulnerability doesn’t get fixed by the bank as an earliest then our next post may disclose that concerned vulnerability publically. We hope that both the companies (timesofmoney and HDFC Bank) will take immediate actions to fix the reported vulnerabilities.

The report also goes on to state that the alert level for this SQL Injection Vulnerability was high. The threat of this attack could be a ploy to gain access to the website’s database dump along with the possibility of shell uploading. Hopefully these companies would fix these vulnerabilities in time, especially since they have already been warned of these possible hacks. Apart from this, zSecure have also provided images displaying the proof of these vulnerabilities.

For more information on all the hacks in recent times, click here.

Tags: , , , , , , , , , , ,