The websites of financial institutions are not always as secure as they should be. A perfect example is the public site of Islami Bank Bangladesh – the pioneer of Islamic banking in Bangladesh – which has been found to contain SQL Injection and cross-site scripting (XSS) vulnerabilities.
The security holes have been identified by a Tunisian hacker who goes by the name of “Human Mind Cracker.”
The expert has told EHN that the SQL Injection flaw could be leveraged to gain access to a database containing user email addresses, encrypted passwords, administrator login credentials and other details.
The XSS vulnerability affects the feedback page of Islami Bank Bangladesh’s website.
The hacker claims to have attempted to report the security holes to the financial institution on numerous occasions, but the bank has not responded to any of his reports and neither of the bugs has been addressed.