Critical Sql Injection vulnerability in Punjab and Sind Bank website

 

An Information Security Expert Narendra Bhati has discovered a critical SQL Injection vulnerability in the Punjab and Sind Bank website(psbindia.com).

Punjab & Sind Bank (P&SB) is a major Public Sector bank in Northern India. Of its more than 1100 branches and offices spread throughout India, almost 450 are in Punjab state, though the bank's corporate headquarters is in New Delhi.

The researcher provided the vulnerable link in an email sent to EHN. As i considered the vulnerability is highly critical one, i am not going to provide the vulnerable link here.

The researcher provided the poc code that allows attackers to extract the username, hashed password, address details stored in the Bank Database.

The researcher also found that the same link is vulnerable to Cross site scripting (XSS) injection. It allows hackers to inject iframe and execute in the site.