The group claims that there exist a critical SQL Inejction Vulnerability in the timesofmoney’s website using which an attacker can gain access to the site’s entire database which contains the huge amount of customers confidential information. This vulnerability may prove to be very critical for the company because TimesofMoney is India’s one of the leaders in e-payment system. At the end of their advisory the zSecure Group left a small message which claims that they have discovered alike vulnerability in HDFC Bank’s website and in coming days the group may come up with the public disclosure of the vulnerability.
Source: https://thehackernews.com/2011/08/timesofmoney-database-hacked-using-sql.html