Bug #123941 for Finance-Bank-HDFC: HDFC Bug Report

Mon Dec 25 05:37:03 2017 thiru.polusani [...] gmail.com - Ticket created

Subject:	HDFC Bug Report
Date:	Mon, 25 Dec 2017 16:06:47 +0530
To:	bug-Finance-Bank-HDFC [...] rt.cpan.org
From:	Thirupati Rao <thiru.polusani [...] gmail.com>

Hello Devolpment Security Team, iam telling you regarding the https://www.hdfcbank.com/. .In Web portal I have found the sql injection. Classification: * Input Validation Error* Resource: *https://www.hdfcbank.com/dev.visualwebsiteoptimizer.com/j.php <https://www.hdfcbank.com/dev.visualwebsiteoptimizer.com/j.php>* Method *: GET* Detection Type: * Blind Text Injection Differential* Request: GET /dev.visualwebsiteoptimizer.com/j.php?a='" <https://mail.google.com/mail/u/0/#m_6194402904464654226_m_4102103377846956754_> These vulnerabilities are present when externally-supplied input is used to construct a SQL query. If precautions are not taken, the externally-supplied input (usually a GET or POST parameter) can modify the query string such that it performs unintented actions. These actions include gaining unauthorized read or write access to the data stored in the database, as well as modifying the logic of the application. Thanks and Regards, P.Thirupathi thiru.polusani@gmail.com

Mon Nov 09 15:56:17 2020 ether [...] cpan.org - Correspondence added

Subject:

rejected: bug report for Finance-Bank-HDFC

This is the bug queue for a defunct Perl module, and NOT the right place to report issues with the bank itself. Please consult the bank's website for how to report issues.

Mon Nov 09 15:56:17 2020 The RT System itself - Status changed from 'new' to 'open'

Mon Nov 09 15:56:17 2020 ether [...] cpan.org - Status changed from 'open' to 'rejected'