PAN Card Privacy Issue | Exposing Your Personal Information | Income Tax Department
2021-12-07 17:34:21 Author: infosecwriteups.com

Raidh Ĥere

Hey, Amazing Hackers! Again, Raidh Ĥere. This writeup is based on a vulnerability that leads to exposing your personal information through your PAN card. According to Wikipedia, there are 445 million genuine PANs issued as of 31 March 2019. If you have no idea what a PAN card is, kindly check the information below.

A PAN is a unique identifier issued to all judicial entities identifiable under the Indian Income Tax Act, 1961. The income tax PAN and its linked card are issued under Section 139A of the Income Tax Act. It is issued by the Indian Income Tax Department under the supervision of the Central Board for Direct Taxes (CBDT) and it also serves as an important proof of identification. It is also issued to foreign nationals (such as investors) subject to a valid visa, and hence a PAN card is not acceptable as proof of Indian citizenship. A PAN is necessary for filing income tax returns.

The primary purpose of the PAN is to bring a universal identification to all financial transactions and to prevent tax evasion by keeping track of monetary transactions, especially those of high-net-worth individuals who can impact the economy. Quoting the PAN is mandatory when filing income tax returns, tax deduction at source, or any other communication with the Income Tax Department. PAN is also steadily becoming a mandatory document for opening a new bank account, a Demat account, a new landline telephone connection / a mobile phone connection, purchase of foreign currency, bank deposits above ₹50,000, purchase and sale of immovable properties, vehicles, etc.

Honestly guys, I don’t have a physical PAN card right now :) but we can get a PAN card in a minute using e-PAN through Aadhaar. I already got one before, but I lost the copy of my PAN.

While trying to download a new copy, I thought about testing this website. I started up Burp and quickly registered an account in the Income Tax E-Filing portal.

While checking for bugs like IDOR and more, I found an interesting request while viewing my profile, and it was showing my complete information, including my personal address.

I quickly sent the request to Repeater and changed the PAN number to the victim's PAN number.

It worked. The conclusion is that we are able to see the complete information for that PAN card user: personal address, name, DOB, gender, and many more.

I quickly reported the issue to the Computer Emergency Response Team (CERT), and they have fixed the bug.
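The behaviour described above is a missing object-level authorization check: the server accepted the PAN number from the request instead of using the one bound to the logged-in session. The sketch below is an added example, not the portal's code or the author's; the function names, session table and PAN values are hypothetical and constructed to show the flawed pattern beside a hardened one.

```python
# Added illustration of the IDOR class described above; not the portal's code.
# All names, PAN values and records are constructed for this example.
import logging

log = logging.getLogger("profile_api")

# Constructed data store: PAN -> profile record.
PROFILES = {
    "AAAPA1111A": {"name": "User A", "dob": "1990-01-01", "address": "Addr A"},
    "BBBPB2222B": {"name": "User B", "dob": "1985-05-05", "address": "Addr B"},
}
# Constructed session table: session token -> PAN bound at login.
SESSIONS = {"token-a": "AAAPA1111A", "token-b": "BBBPB2222B"}


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""


def get_profile_vulnerable(session_token, requested_pan):
    # Flawed pattern: authenticates the caller but never compares the
    # client-supplied identifier with the identity bound to the session.
    if session_token not in SESSIONS:
        raise Forbidden("not authenticated")
    return PROFILES[requested_pan]


def get_profile_hardened(session_token, requested_pan=None):
    # The identity comes from server-side session state, not the request body.
    session_pan = SESSIONS.get(session_token)
    if session_pan is None:
        raise Forbidden("not authenticated")
    # If the client still sends an identifier, a mismatch is rejected and
    # logged: repeated denials from one session are worth alerting on.
    if requested_pan is not None and requested_pan != session_pan:
        log.warning("object-level authz denial: session=%s requested=%s",
                    session_pan, requested_pan)
        raise Forbidden("PAN does not belong to this session")
    return PROFILES[session_pan]
```

The hardened handler can drop the client-supplied identifier entirely; keeping the comparison only serves to produce a denial log that detection rules can key on.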


Source: https://infosecwriteups.com/pan-card-privacy-issue-exposing-your-personal-information-income-tax-department-40f09e4b35cb?source=rss----7b722bfd1b8d--bug_bounty