PlanetCreator has reported another critical SQL Injection (vulnerability) on Stamps Myanmar http://www.stampsmyanmar.com and powered by indexmyanmar

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

This vulnerability has been alerted to :- [email protected]

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 18/09/2010 06:29:33 PM
Host IP: 65.163.13.219
Database: stampsmyanmar

Some Tables are as follow :

stmyr_statedivision
stmyr_stampoftheweek
stmyr_reg
stmyr_pcdtype
stmyr_pcd
stmyr_newsletters
stmyr_member
stmyr_materialtype
stmyr_mainthemes
stmyr_ltrtype
stmyr_ltr
stmyr_login
stmyr_journey
stmyr_internationalstampissues
stmyr_fly
stmyr_fdc
stmyr_fanclub
stmyr_exhibitor_pic
stmyr_exhibitor
stmyr_exhibition_admin
stmyr_exhibition
stmyr_env
stmyr_cto
stmyr_cov
stmyr_country
stmyr_continents
stmyr_article
stmyr_admin

If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

NMAP Tutorial

So… let’s say that you donwloaded NMAP in one of its latest versions, if you didn’t then go get it immediately! And come back only when you have it. http://nmap.org/download.html

25 per cent of new worms designed to spread via USB

48 per cent of SMBs are infected by worms each year according to a report published by security vendor PandaLabs. The Second International SMB Security Barometer report (PDF here) surveyed

Security/Hacking Tools & Utilities

1. Nmap I think everyone has heard of this one, recently evolved into the 4.x series.Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing.