Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Human Mind Cracker. Show all posts
SQL Injection Vulnerability
Database hacked Database Leaked hacker news Human Mind Cracker Information Security News SQL Injection Vulnerability

Bangladesh Railway , NIMC & Jiban Bima Corporation sites vulnerable to SQL Injection

The Tunisian Hacker, Human Mind Cracker, has claimed to have discovered SQL Injection vulnerability in Top Bangladesh Government websites.

In an email sent to E Hacking News, hacker mentioned that he found SQLi in three Government sites.

Affected Government sites are the official site of Bangladesh Railway(railway.gov.bd) , National Institute of Mass Communication of Bangladesh(NIMC.gov.bd) and Jiban Bima Corporation(JBC.gov.bd).


Hacker managed to breach the database server belong to National Institute of Mass Communication and leaked the stolen data in Hey paste it (heypasteit.com/clip/0NUH)

The database dump contains database table name, name of users, hashed passwords. It contains more than 650+ entries of user data.

The hacker claims that the Bangladesh Gov websites are not secure at all .  As far as i know, not only Bangladesh but also other countries government sites are vulnerable. More than 90% Government websites are vulnerable.
Read more »
Tunisian Hacker
Breaking News Human Mind Cracker Security News SQL Injection Vulnerability Tunisian Hacker

Algerian Bank CPA hacked by Tunisian Hacker


One of the Algerian Banks , Crédit populaire d'Algérie (CPA) Bank is found to be vulnerable to SQL Injection vulnerability.  This critical vulnerability was discovered by a Grey-hat Tunisian Hacker "Human Mind Cracker" who usually targets Bank and Government sites.

In an email sent to EHN, the hacker provided the vulnerable link of the site(cpa-bank.dz).

" I reported to them the vulnerability before I hack into the database,2 days without reply or anything...After that I find that the email that they put it in the website for contact is INVALID mail.So I get into the database." The hacker said.

In a paste(heypasteit.com/clip/0NLX) , hacker dumped the compromised data to prove the severity level of vulnerability.  It contains Username , passwords ,Email addresses, Phone number, Fax and Location.
Read more »
Vulnerability
Breaking News Hacking News Human Mind Cracker Information Security News SQL Injection Vulnerability Vulnerability

Bangladesh Post Office site hacked by Human Mind Cracker

A SQL Injection vulnerability has been discovered in official website of Bangladesh Post Office (bangladeshpost.gov.bd). The vulnerability was discovered by the Grey-hat hacker "Human Mind Cracker".

In an email sent to EHN, the hacker provided the vulnerable link and claimed that the site is vulnerable to lot of vulnerabilities.

The hacker breached the site by exploiting the SQL injection vulnerability and compromised the database.

Screenshot of Admin Panel

"I get into their database,and the most funniest thing is that  The passwords is not encrypted with any hash, and this so bad for a website related to a government." the hacker said in the email.

The database dump(heypasteit.com/clip/0N9U) contains database details, username, plain-text format password.  It also includes the admin username and password.
Read more »
Security News
EHN Hacking News Human Mind Cracker IT Security News Security News

Pakistan army website hacked by Human mind cracker

The Tunisian hacker 'Human Mind Cracker' who discover critical vulnerability in high profile website.Again,this time he hacked into Pakistan Army website  and he get into their Database. He discovered SQL Injection vulnerability in their website 'www.pakistanarmy.gov.pk' .

In an email sent to EHN,the hacker provided us the vunerable link as a proof for his hacking.And he also provided a link to the dump (www.heypasteit.com/clip/0N5T).

" The reason of the hack is just to break the security of that website...I was thinking that Pakistan has a good cyber army but lool also they have a lot of vulnerable websites" hacker said in the email.

The dump contains database details, password, email address, admin id and password.

The hacker always try to hack into governments and banks website to improve his skills and want to know if government mind about security in their website.And the hacker said that more governments websites will be hacked by him soon.
Read more »
Tunisian Hacker
Breaking News Database breached Database Leaked Hacking News Human Mind Cracker Tunisian Hacker

Islami Bank Bangladesh website hacked by Human Mind Cracker

The Tunisian hacker 'Human Mind Cracker' who discover critical vulnerability in high profile website, come with another interesting vulnerability finding. He discovered SQL Injection Vulnerability in one of the Bangladesh Bank website , "Islami Bank Bangladesh Ltd"(islamibankbd.com).

In an email sent to EHN, the hacker provided the vulnerable link and a link to the dump(heypasteit.com/clip/0MWN).

"The vulnerability was SQL injection...I report it many times..but they didn't reply and they didn't fix it yet...So I get into their database." Hacker said in the mail.

The dump contains database details, encrypted password, email address, admin id and password.


He also discovered Cross Site scripting security flaw in Feedback sending page of Islami Bank.

This is not the first time the Bank sites are being targeted by Human Mind cracker.  Last time, he discovered SQLi in Tunisian Bank site. 

The hacker always like to be a Grey Hat hacker and like to help the admin of site by reporting the vulnerability. But the admin fails to respond and fails to patch the security flaw.
Read more »
Tunisian Hacker
Cyber Security News Database Compromised Database Dumped Human Mind Cracker Security News Tunisian Hacker

South Africa's National Department of Health website hacked

database dumped

A Tunisian greyhat hacker named as "Human Mind Cracker" has claimed to have breached the South Africa's National Department of Health website(doh.gov.za) and compromised the database.

In an email sent to EHN, hacker provided the vulnerable link as well as link to Database dump.  Hacker requested me not to post the vulnerable link.

" The only reason about this hack that i love challenge and I readed a lot about the Moroccan hacker that break into some south Africa website so I just wanted to pentest their security" The hacker told EHN.

The dumped database contains database details, username and hashed passwords.

http://pastebin.com/niCEMbRs
Read more »
Tunisian Hacker
Bank website hacked Database hacked hacker news Human Mind Cracker SQL Injection Vulnerability tunisia banks hacked Tunisian Hacker

Tunisian hacker 'Human Mind Cracker' discovered SQLi vulnerability in Tunisian Bank sites

XSS in Bank sites

A Grey Hat Hacker with online handle "Human Mind cracker" has discovered SQL Injection vulnerability in some Tunisian Bank websites. Central Bank of Tunisia(bct.gov.tn) and Bank of Tunisia and the UAE (bte.com.tn) are vulnerable to SQLi .

In an email sent to EHN , hacker provided us the vulnerable link and the Proof-of-Concept(POC). As he recommend us not to publish the vulnerable , we are not providing the link here.

According to hacker, he reported the vulnerability to them but they didn't fix the vulnerability so he hacked into the database.

He has published some database information compromised from the server that includes database name and few username.

Also, he has discovered Cross site scripting (XSS) vulnerability in Central Bank of Tunisia,atb.com.tn and Banque de Tunisie(bt.com.tn).

SQL Injection is one of the most critical vulnerability, as attacker can extract the entire database by exploiting it. Banks should really buff up their security measures ,as cyber criminals mainly target Financial institution. 
Read more »
Subscribe to: Posts (Atom)