PlanetCreator has reported another critical SQL Injection (vulnerability) on Stamps Myanmar http://www.stampsmyanmar.com and powered by indexmyanmar

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

This vulnerability has been alerted to :- [email protected]

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 18/09/2010 06:29:33 PM
Host IP: 65.163.13.219
Database: stampsmyanmar

Some Tables are as follow :

stmyr_statedivision
stmyr_stampoftheweek
stmyr_reg
stmyr_pcdtype
stmyr_pcd
stmyr_newsletters
stmyr_member
stmyr_materialtype
stmyr_mainthemes
stmyr_ltrtype
stmyr_ltr
stmyr_login
stmyr_journey
stmyr_internationalstampissues
stmyr_fly
stmyr_fdc
stmyr_fanclub
stmyr_exhibitor_pic
stmyr_exhibitor
stmyr_exhibition_admin
stmyr_exhibition
stmyr_env
stmyr_cto
stmyr_cov
stmyr_country
stmyr_continents
stmyr_article
stmyr_admin

If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)

We hope that your security staff will look into this issue and fix it as soon as possible.