Critical SQL Injection in Stamps Myanmar

Home / Hacking, News, Security / Critical SQL Injection in Stamps Myanmar

September 18, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator has reported another critical SQL Injection (vulnerability) on Stamps Myanmar http://www.stampsmyanmar.com and powered by indexmyanmar

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

This vulnerability has been alerted to :- [email protected]

Applications: â€”â€”â€”â€” PlanetCreatorâ€™s_Universal_Advanced_Internet_Security_T00L
System Time: â€”â€”â€”â€” (UTC+08:00) Yangoon, Myanmar , 18/09/2010 06:29:33 PM
Host IP: 65.163.13.219
Database: stampsmyanmar

Some Tables are as follow :

stmyr_statedivision
stmyr_stampoftheweek
stmyr_reg
stmyr_pcdtype
stmyr_pcd
stmyr_newsletters
stmyr_member
stmyr_materialtype
stmyr_mainthemes
stmyr_ltrtype
stmyr_ltr
stmyr_login
stmyr_journey
stmyr_internationalstampissues
stmyr_fly
stmyr_fdc
stmyr_fanclub
stmyr_exhibitor_pic
stmyr_exhibitor
stmyr_exhibition_admin
stmyr_exhibition
stmyr_env
stmyr_cto
stmyr_cov
stmyr_country
stmyr_continents
stmyr_article
stmyr_admin

If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Yet another simple Google Docs hack

A simple hack that allow you to edit read only Google docs is explained here http://googlesystem.blogspot.com/2009/01/copy-google-documents-to-your-account.html It works and all you need is to hack the url a bit like

Selection of tools to automate an attack SQL Injection

sqlmap (http://sqlmap.sourceforge.net/) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase. SQL Power Injector (http://www.sqlpowerinjector.com/) Implemented support for: Microsoft SQL Server,

XSS Stealing Cookies

This method (XSS attacks) is for get the cookies users, so, for get information of users… and then, login into the account of the victim user…u will have to give

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
on November 15, 2024 at 12:00 am
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service