A SQL injection vulnerability has been discovered in the official website of the Bangladesh Post Office (bangladeshpost.gov.bd). The vulnerability was discovered by the grey-hat hacker "Human Mind Cracker".
In an email sent to EHN, the hacker provided the vulnerable link and claimed that the site has a lot of vulnerabilities.
The hacker breached the site by exploiting the SQL injection vulnerability and compromised the database.
"I get into their database, and the funniest thing is that the passwords are not encrypted with any hash, and this is so bad for a website related to a government," the hacker said in the email.
The database dump (heypasteit.com/clip/0N9U) contains database details, usernames, and passwords in plain-text format. It also includes the admin username and password.