PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/

This vulnerability has been alerted to :- Webmaster of ChartNexus

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 30/05/2010 04:29:21 AM
Host IP: 64.38.15.218
Web Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b
Powered-by: PHP/5.2.6
Current User: irchart_admin@localhost
Sql Version: 5.0.90-community
System User: irchart_admin@localhost
Host Name: irelation.chartnexus.com
Database: irchart_fundamentals
—————irchart_testdb
—————irchart_shareinsight
—————information_schema

Some Tables are as follow :
Account, Adjustment, Balance, Company, Company_Modules, Country, File, Fundamentals, Hit_Rate, Hit_Referral, Image, Income, Investor_Type, Module, Page, Site, Status, Stock_Quotes, Type_Relation, User, User_Profile, User_Relation, admin, attachment, category, cnx_Company, cnx_CurrentFundamental, cnx_MarketHighlight, cnx_MarketHighlight_type, cnx_…… so on…

This is colums from admin table
email, name, password, username, ID

This is some user information from admin table
[email protected]———-Bernard————–pwd      bernard          1
[email protected]——-Tey KarShiang—-pwd      karshiang     7
[email protected]——————staff1—————–pwd      weijian2         8
[email protected]————bernard2———–pwd      bernard2     9
[email protected]—————–staff1—————–pwd      staff1         10
[email protected]————nicolas—————pwd      nicolas         11
[email protected]———-Lim Chen Nee—–pwd      chennee         12
[email protected]————samuel————–pwd      staff2         13
[email protected] ——–Crystal Goh——-pwd      CrystalGoh     14
[email protected]——–XiangHue———-pwd      xianghue         15
[email protected]————-Ee Hwa————–pwd      eehwa         16
[email protected]——–gordon ————–pwd      gordon         17
[email protected]———-admin—————pwd      admin         18
[email protected]———-michael————- pwd      michael         21

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Is your IP Leaking? Find out here

The first link shows your IP.http://www.whatismyip.com/This site will show more information like your town…http://www.geobytes.com/IpLocator.htm?GetLocationIf you pass this test your Proxys / Programs are doing their job…https://grc.com/x/ne.dll?bh0bkyd2 Privacy Check – checks

Read More

Computer Hacking

Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. People who engage in computer hacking activities are often

Read More

Hacking PHP 4.4

This tut Shows how to hack Sites running: Php 4.4 Sites. Step 1 – Search for them Yep,make a Google dork to find sites running Apache and PHP 4.4 .

Read More