PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Burmese Classic http://www.burmeseclassic.com

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

informed to :- webmaster

Info

Message Body:
Domain = http://www.burmeseclassic.com/EngVersion
Error Link = http://www.burmeseclassic.com/EngVersion/news_detail.php?id=27&type=1
version = 5.0.91-community-log
user = burmesec_forest@localhost
database = burmesec_en

Tables
========
buddhawin,dhamma_ans,dhamma_qus,mtv,news,photo_gallery,photo_news,sayadaw,song,tayar,thuta,video

Columns
========
BW_ID,BW_Name,BW_Link,BW_Type,BW_Title,Ans_Data,Ans_QCode,Ans_Name,Ans_Date,Qus_Code,Qus_Data,Qus_Name,Qus_Mail,Qus_Date,mtv_code,comment,title,director,starring,cover,Status,count,server_id,mtv_type,news_id,news_title,news_body,posted_date,news_type,news_more,news_img,news_status,view_count,news_source,pg_id,pg_code,pg_indexfile,pg_title,pn_id,pn_title,pn_xml,pn_createdate,SYD_ID,SYD_Name,SYD_Website,SYD_WebLink,S_ID,S_Name,S_SongType,S_FileType,S_Link,S_Title,Tayar_ID,Tayar_Title,Tayar_Sayadaw,Tayar_IsPart,Tayar_Part,Tayar_FileType,Tayar_Link,T_ID,T_Name,T_Type,T_Link,T_Title,T_Image,Movie_Code,Title,Starring,Cover,CreateDate,server_id,parts,Status,indexfile,player,2nd_server_id,review_id,Movie_Type,Subtitle

===================================================================

Note: This is 2nd Vul @ BurmeseClassic

Check out : http://www.planetcreator.net/2010/08/critical-blind-sql-injection-vulnerability-in-the-best-myanmar-website-burmeseclassic-com/

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

IP spoofing

IP spoofing is about the most advanced attack that can be executed on a computer system. IP spoofing, if done correctly, is one of the smoothest and hardest attacks on

BLINK HACKER GROUP HACKED Khitlunge

A hacker group named themselves BLINK HACKER hacked http://www.khitlunge.net.mm and it’s a social and news site for Myanmar Latest News, Myanmar Breaking News, Myanmar Update News. I don’t know how

Hard disk data recovery – Recover from damaged disk? Wipe out the harddisk to avoid spying

Think of the time you take to copy a 1 GB file to the hard disk drive and the time taken to delete the same file. Doesn’t it take very