Idea Web Portal Database Hack

After the series of exposure on serious security vulnerability  in the website database of HDFC Bank India and TimesofMoney e-payment  and Sharekhan zSecure Team have again come up with a similar database vulnerability in another big company Ideacellular, One of India’s best telecom operator and 3rd largest 3G operator.

This time the security vulnerability has been found in Ideacellular web portal which compromises the entire site database. According to zSecure Team blog post Any malicious smart black hats can create much more devastating attacks using this critical flaw such as:complete access to various database’s as shown in screen-shots underproof of vulnerability which can later be misused to access various confidential information; complete database dump; possibility of uploading shell (not fully certain) and much more.

Target Websitehttp://www.ideacellular.com

Attack Type: Hidden SQL Injection Vulnerability

Database Type:MySql 5.0.27
Alert Level
: Critical

Threats: Database Access, Database Dump
Credit: zSecure Team
Previous Vulnerability Discolsures: Dukascopy, Sify, TimesofMoney, Sharekhan

Ideacellular Web Portal Hacked
Ideacellular Web Portal Hacked ( Database details )
Ideacellular website vulnerable to hack
Ideacellular website vulnerable to hack Details
Ideacellular Web Portal vulnerable
Ideacellular Web Portal vulnerable Details

About Idea :

Idea is the 3rd largest mobile services operator in India. Idea’s strong growth in the Indian telephony market comes from its deep penetration in the non-urban and rural markets. IDEA Cellular is an Aditya Birla Group Company, India’s first truly multinational corporation. The group operates in 26 countries, and is anchored by over 130,600 employees belonging to 40 nationalities.

Hopefully after this Database Vulnerability exposure from the zSecure group, Idea would fix these in time and also implement more security measures on their websites.

Do comment on recent exposure of Vulnerability on Indian websites?