Saturday, 26 December 2009

Nepal Bangladesh Bank SQLi vulnerability

The official website of Nepal Bangladesh Bank Limited, www.nbbl.com.np, suffers from SQL injection and hence can be compromised to get sensitive information from it. It's already 1 a.m. here, so I am too lazy to post the dumps for now. If I happen to remember it tomorrow, I shall post the dumps. For now, here is some information about the server:

current database: nbblcom_db
user: nbblcom_admin@localhost
DB version: 4.1.22-standard

I am being too lazy at this time to brute-force the tables. Guys, do it yourself if you want to dig into the site more.
Thanks.

6 comments:

  1. This comment has been removed by a blog administrator.

  2. Very nice blog......
    I like your posting; this is the better blog.

    Bathmate

  3. Other people, don't post links here. Email me with the link to your site if you want a link exchange.

  4. To avoid SQLi (SQL injection attacks), PHP >5.0 users can use PDO; all others should make sure to use mysql_real_escape_string($string) to protect every string value when building a dynamic query from user input.

    Nice Work NEP SEC -- KTM HACKERZ team
    greetings!!

  5. Also, mysqli can be used!!

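The fixes the last two commenters recommend (escaping with the legacy mysql extension, PDO, and mysqli), shown side by side with the unsafe concatenation they replace, as an added example that is not code from this blog or from the bank's site; the `accounts` table and its columns are hypothetical.

```php
<?php
// Added example (not the blog author's or the bank's code). Table and
// column names are hypothetical; $link / $pdo / $db are open connections.

// 1. Vulnerable: user input concatenated straight into the SQL text.
function find_account_unsafe($link, $acct)
{
    // $acct is used as-is, so a quote or operator in it becomes part of the query.
    $sql = "SELECT id, holder FROM accounts WHERE acct_no = '" . $acct . "'";
    return mysql_query($sql, $link);
}

// 2. Legacy mysql extension (comment 4): escape every string value first.
//    Only protects values that sit inside quotes; numeric fields still
//    need casting or validation.
function find_account_escaped($link, $acct)
{
    $safe = mysql_real_escape_string($acct, $link);
    $sql  = "SELECT id, holder FROM accounts WHERE acct_no = '" . $safe . "'";
    return mysql_query($sql, $link);
}

// 3. PDO prepared statement (comment 4): the value travels separately from
//    the query text, so it can never change the query's structure.
function find_account_pdo(PDO $pdo, $acct)
{
    $stmt = $pdo->prepare('SELECT id, holder FROM accounts WHERE acct_no = :acct');
    $stmt->bindValue(':acct', $acct, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 4. mysqli equivalent (comment 5), also a prepared statement; bind_result
//    is used so this works without the mysqlnd driver.
function find_account_mysqli(mysqli $db, $acct)
{
    $stmt = $db->prepare('SELECT id, holder FROM accounts WHERE acct_no = ?');
    $stmt->bind_param('s', $acct);
    $stmt->execute();
    $stmt->bind_result($id, $holder);
    $rows = array();
    while ($stmt->fetch()) {
        $rows[] = array('id' => $id, 'holder' => $holder);
    }
    $stmt->close();
    return $rows;
}
```

For PDO with MySQL, set `PDO::ATTR_EMULATE_PREPARES` to false so the server itself parses the statement rather than the client interpolating values; with the legacy extension, call `mysql_set_charset()` on the connection so `mysql_real_escape_string` escapes for the character set actually in use.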