After the series of exposure on serious security vulnerability in the website database of HDFC Bank India and TimesofMoney e-payment and Sharekhan zSecure Team have again come up with a similar database vulnerability in another big company Ideacellular, One of India’s best telecom operator and 3rd largest 3G operator.
This time the security vulnerability has been found in Ideacellular web portal which compromises the entire site database. According to zSecure Team blog post Any malicious smart black hats can create much more devastating attacks using this critical flaw such as:complete access to various database’s as shown in screen-shots underproof of vulnerability which can later be misused to access various confidential information; complete database dump; possibility of uploading shell (not fully certain) and much more.
Target Website: http://www.ideacellular.com
Attack Type: Hidden SQL Injection Vulnerability
Database Type:MySql 5.0.27
Alert Level: Critical
About Idea :
Idea is the 3rd largest mobile services operator in India. Idea’s strong growth in the Indian telephony market comes from its deep penetration in the non-urban and rural markets. IDEA Cellular is an Aditya Birla Group Company, India’s first truly multinational corporation. The group operates in 26 countries, and is anchored by over 130,600 employees belonging to 40 nationalities.
Hopefully after this Database Vulnerability exposure from the zSecure group, Idea would fix these in time and also implement more security measures on their websites.
Do comment on recent exposure of Vulnerability on Indian websites?