    QIWI FIXED A FLAW IN ITS API THAT ALLOWED BLIND SQLI

    Nearly 4 months ago, a white hat hacker announced a blind SQL injection vulnerability in the API of QIWI (a popular, publicly traded Russian payment service provider) that allows an attacker to execute arbitrary code on the servers. A blind SQL injection vulnerability allows an attacker to make requests to the back-end database server that they are not permitted to make. The company took around 4 months to patch this vulnerability and awarded $5,500 to the bug bounty hunter on HackerOne. QIWI is most widely used in Russia, Ukraine, Kazakhstan, Moldova, Belarus, Romania, the United States, and the United Arab…