Syrian programmer, Baraa Habab, was able to discover a critical loophole in the official website of the insurance company of most Egyptian banks, such as Banque Misr, Al-Ahly Bank, Cairo Bank, Abu Dhabi Islamic Bank and others.
The loophole involves Reflected cross-site scripting (XSS), in which malicious scripts are injected into otherwise benign and trusted websites. It allows the hacker to introduce malicious codes to the site until it accesses the database and asks the database to display the information stored in it in the form of an “error message”. This loophole is used to steal cookies or the unique session ID of a user’s browser.
This is the third loophole discovered by the programmer, Baraa Habab. He previously discovered security loopholes on Facebook in 2017, and he convinced them that they had a security loophole on their website. They thanked him and employed him as a “security guard”, as well as added his name to the list of honour.
Baraa greatly assists companies in ensuring protection and information security. He also provides information security content to educate people more about electronic blackmail and create a safe space for all our accounts and affairs on the Internet, in general, and social networking sites, in particular.
Who is Baraa Habab?
Born in 1996 in Damascus, Syria, Habab studied in the Faculty of Information Engineering at Damascus University but did not complete his studies after travelling to Sweden with his family in the hope of completing his dream in programming.