After the big exposure of serious security vulnerabilities in the website databases of HDFC Bank India and the TimesofMoney e-payment service, zSecure Team has again come up with a similar database vulnerability at another big company: Sharekhan, India’s leading online retail broking house.
The group claims that there is a high-level hidden SQL injection vulnerability in Sharekhan’s website, through which an attacker can gain access to the site’s database, which may contain its customers’ sensitive credentials. Many big corporates also use Sharekhan’s services. The vulnerability may prove very critical for the company, as Sharekhan is currently considered India’s leading online retail broking house. A flaw this critical in the company’s website may cause huge damage to its existing market reputation.
Target Website: http://www.sharekhan.com
Attack Type: Hidden SQL Injection Vulnerability
Database Type: MSSQL
Alert Level: High
Threats: Database Access, Database Dump
Credit: zSecure Team
According to zSecure Team, they randomly tested the security of Sharekhan’s website and came up with this SQL injection flaw, which shows that the website is seriously vulnerable to hacking. The group sent an email to Sharekhan about this database vulnerability, but it seems that even after a couple of weeks the vulnerability remains open to outside attack. It seems Sharekhan didn’t bother to fix the vulnerability in its website even after it was reported. So, to make the public aware of the vulnerability and of the risk of using the site, they have disclosed these details on their blog.
Sharekhan is India’s leading online retail broking house. Launched on February 8, 2000 as an online trading portal, Sharekhan today has a pan-India presence with over 1,529 outlets serving 950,000 customers across 450 cities. It also has an international presence through its branches in the UAE and Oman. Sharekhan offers services like portfolio management, trade execution in equities, futures & options, commodities, and distribution of mutual funds, insurance and structured products.
Hopefully, after this exposure by the zSecure group, Sharekhan Limited will fix these vulnerabilities in time and also implement more security measures on its websites.
Do comment on the recent exposure of vulnerabilities on Indian websites.