PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Burmese Classic http://www.burmeseclassic.com

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

informed to :- webmaster

Info

Message Body:
Domain = http://www.burmeseclassic.com/EngVersion
Error Link = http://www.burmeseclassic.com/EngVersion/news_detail.php?id=27&type=1
version = 5.0.91-community-log
user = burmesec_forest@localhost
database = burmesec_en

Tables
========
buddhawin,dhamma_ans,dhamma_qus,mtv,news,photo_gallery,photo_news,sayadaw,song,tayar,thuta,video

Columns
========
BW_ID,BW_Name,BW_Link,BW_Type,BW_Title,Ans_Data,Ans_QCode,Ans_Name,Ans_Date,Qus_Code,Qus_Data,Qus_Name,Qus_Mail,Qus_Date,mtv_code,comment,title,director,starring,cover,Status,count,server_id,mtv_type,news_id,news_title,news_body,posted_date,news_type,news_more,news_img,news_status,view_count,news_source,pg_id,pg_code,pg_indexfile,pg_title,pn_id,pn_title,pn_xml,pn_createdate,SYD_ID,SYD_Name,SYD_Website,SYD_WebLink,S_ID,S_Name,S_SongType,S_FileType,S_Link,S_Title,Tayar_ID,Tayar_Title,Tayar_Sayadaw,Tayar_IsPart,Tayar_Part,Tayar_FileType,Tayar_Link,T_ID,T_Name,T_Type,T_Link,T_Title,T_Image,Movie_Code,Title,Starring,Cover,CreateDate,server_id,parts,Status,indexfile,player,2nd_server_id,review_id,Movie_Type,Subtitle

===================================================================

Note: This is 2nd Vul @ BurmeseClassic

Check out : http://www.planetcreator.net/2010/08/critical-blind-sql-injection-vulnerability-in-the-best-myanmar-website-burmeseclassic-com/

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Pay safe with your debit card/ bank card/ ATM card? Best practice to safe guard your PIN

In the world of convenience, people resort to different and convenient ways of spending. One such instance is the debit card which replaces cash. It is so convenient and so

Critical SQL injection (vulnerability) on SITAGU :: Sitagu International Buddhist Missionary Centre

Security researcher Dr@GoN 3y3 reported another Critical SQL injection (vulnerability) on SITAGU :: Sitagu International Buddhist Missionary Centre http://www.sitaguacademy.com/ SQL injection is a code injection technique that exploits a security

Hacker Halted Asia Pacific 2010

2010. Entering the new decade, have we done enough to secure our information? Or will we be found wanting by the end of this decade? History is a great teacher,