A user on the Russian-speaking forum XSS claims to have access to the database of Commercial Bank of Qatar. The user, who goes by the name nightly, has created a thread with minimal information about the access and hasn’t shared any (sample or full) data yet. However, given the user’s past behaviour, we can expect that they will share at least sample data as proof of access to internal systems or the database.
It is worth noting that the user has lately been sharing interesting claims, such as alleged access to Okta’s source code and a breach of the location data giant Gravy Analytics.
Below I provide screenshots from the XSS forum and a machine translation of the user’s post.
Translation of the post:
Yeah, yeah. So dumb. Yeah, it's got client files and statements. They don't give a fuck about these vulnerabilities, you don't even have to report them. There's access to the database, but at least there's an IP filter.
Working with: cbq.qa
Total SubDomains: […, 'prod.cbq.qa', 'staging.cbq.qa', 'admin.cbq.qa', 'mail.cbq.qa', 'cert.cbq.qa', 'corporate.cbq.qa', 'cbq.qa', …]
[+] Analyzing prod.cbq.qa
corporate.cbq.qa => […, '***production/v2/.env_local', …] - BINGO!