Saturday, 26 December 2009

Nepal Bangladesh Bank SQLi vulnerability

The official website of Nepal Bangladesh Bank Limited suffers from Sql injection and hence can be compromised to get sensitive informations from it. Its 1 a.m midnight already here so I am lazy to post the dumps for now. If I happen to remember it next day, I shall post the dumps. For now, following are some information of the server:
current database: nbblcom_db 
user : nbblcom_admin@localhost
DB version: 4.1.22-standard
I am being too lazy at this time to bruteforce for the tables. Guys do yourself if you want to dig the site more.


  1. This comment has been removed by a blog administrator.

  2. very nice blog......
    i like your posting ,this is the better blog.


  3. other people, don't post links here. Email me with the link of your site if you want link exchange.

  4. To avoid SQLi (SQL Injection attack) PHP >5.0 users can use PDO, all others make sure you use mysql_real_escape_string($string) to protect every data that is string while creating a dynamic query using user input values.

    Nice Work NEP SEC -- KTM HACKERZ team

  5. also mysqli can be used !!