Critical SQL Injection in singforyou.net

Home / Hacking, News, Security / Critical SQL Injection in singforyou.net

August 31, 2010 PlanetCreator 0 Comments 0 tags

Security Researcher $@T0R! has reported another Critical SQL Injection in singforyou.net

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typedÂ and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to webmaster:

These are some info and screenshots from vul site:

community:sing4u_sing4u@localhostsing4u_sing4u”

Table Name:
“admin,ads_data,artists,banned_ip,category,channel_comments,cometchat, cometchat_status, config,contacts, contacts_block,contests,countrycodes,downloads_log,editors_picks, email_settings,flagged_videos, flvplayer_player_config,flvplayer_player_playlists,flvplayer_player_styles, flvplayer_player_videos_list, group_invitations,group_members,group_po”

Columns Name:
“admin_id,username,password,session,ad_id,ad_name,ad_code,ad_placement, ad_category,ad_status, ad_impressions,date_added,artist_id,name,image,active,ip,comment,categoryid, category_name, category_description,date_added,category_thumb,comment_id,comment, username,channel_user, date_added,id,from,to,message,sent,read,userid,message,status,configid,”

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Bypassing Shell Security

Safemode = On (Secure) Disables Functions = dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid ================ Create A File “Php.ini” In Some Writeable

#RefRef – Denial of Service ( DDoS ) Tool Developed by Anonymous

Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group’s future campaigns. So far, what they have is something that is platform

Critical Blind SQL Injection in MRTV4 (Myanmar)

PlanetCreator reported another Critical Blind SQL injection (vulnerability) on MRTV4 (Myanmar) URL : http://www.mrtv4.net.mm/ SQL injection is a code injection technique that exploits a security vulnerability occurring in the database

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
on November 15, 2024 at 12:00 am
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service