PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/

This vulnerability has been alerted to :- Webmaster of ChartNexus

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 30/05/2010 04:29:21 AM
Host IP: 64.38.15.218
Web Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b
Powered-by: PHP/5.2.6
Current User: irchart_admin@localhost
Sql Version: 5.0.90-community
System User: irchart_admin@localhost
Host Name: irelation.chartnexus.com
Database: irchart_fundamentals
—————irchart_testdb
—————irchart_shareinsight
—————information_schema

Some Tables are as follow :
Account, Adjustment, Balance, Company, Company_Modules, Country, File, Fundamentals, Hit_Rate, Hit_Referral, Image, Income, Investor_Type, Module, Page, Site, Status, Stock_Quotes, Type_Relation, User, User_Profile, User_Relation, admin, attachment, category, cnx_Company, cnx_CurrentFundamental, cnx_MarketHighlight, cnx_MarketHighlight_type, cnx_…… so on…

This is colums from admin table
email, name, password, username, ID

This is some user information from admin table
[email protected]———-Bernard————–pwd      bernard          1
[email protected]——-Tey KarShiang—-pwd      karshiang     7
[email protected]——————staff1—————–pwd      weijian2         8
[email protected]————bernard2———–pwd      bernard2     9
[email protected]—————–staff1—————–pwd      staff1         10
[email protected]————nicolas—————pwd      nicolas         11
[email protected]———-Lim Chen Nee—–pwd      chennee         12
[email protected]————samuel————–pwd      staff2         13
[email protected] ——–Crystal Goh——-pwd      CrystalGoh     14
[email protected]——–XiangHue———-pwd      xianghue         15
[email protected]————-Ee Hwa————–pwd      eehwa         16
[email protected]——–gordon ————–pwd      gordon         17
[email protected]———-admin—————pwd      admin         18
[email protected]———-michael————- pwd      michael         21

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Critical SQL Injection (vulnerability) on The New Era Journal http://khitpyaing.org/

PlanetCreator.Net’s Security Team Member has reported another critical SQL Injection (vulnerability) on The New Era Journal http://khitpyaing.org/ These are some information from Vulneral Site http://khitpyaing.org/ : his vulnerability has been

Read More

Download Execution with Java

This tutorial will show you how to use java applets within your website which automatically download and execute your malware onto the visitor’s computer. Some people may of heard about

Read More

Javascript Injection

JavaScript Injection Overview JavaScript is a widely used technology within websites and web based applications. JavaScript can be used for all sorts of useful things and functions. But along with

Read More