Hi, http://www.mtv.co.kr Webmaster

This is PlanetCreator’s Security Te@am & Hackers Group, PlanetCreator has reported Critical SQL Injection vulnerability on http://www.mtv.co.kr/ Website.

Informed to [email protected]

Some of your Web’s Data Information are as follow,

Applications: ———- PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———(UTC+08:00) Kuala Lumpur, Singapore, 03/01/2010 5:56:19 AM
Host IP:    222.122.55.12
Web Server:     Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Powered-by:     PHP/5.2.4-2ubuntu5.10
DB Server:    MySQL >=5
Current User:     [email protected]
Sql Version:     5.0.51a-3ubuntu5.4-log
System User:     [email protected]
Host Name:     db2.mtv.co.kr
DB User & Pass:     root:*4FEDAB890B33E3C8EC621AAB518FCF66A17E2E9D:localhost
root:*4FEDAB890B37E3C8EC621AAB513FCF66A17E2E9D:db2.mtv.co.kr
root:*4FEDAB890B37E3C8EC621AAB513FCF66A17E2E9D:127.0.0.1
::localhost
::db2.mtv.co.kr
debian-sys-maint:*B639BCB9EA2DD94A3EC75B54325E7AA378615812:localhost
mtvkor:*4FEDAB890B37E3C8EC621AA3518FCF66A17E2E9D:%
mtvkor:*4FEDAB890B37E3C8EC621AA3518FCF66A17E2E9D:localhost
mtv2:*4FEDAB890B37E3C8EC621AAB538FCF66A17E2E9D:%
Data Bases:     information_schema
bestawards2008
chart
dev4
events
linkbak
lost+found
mtv4
mtvbb
mtvlog
mtvn_sms
mysql
newsletter_view
poll
test
vmak2009

Note: some db passwords have changed 4 security reason!
We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

XSS Shell

This script in asp permettedi executing of the commandos taking advantage of a bug of the XSSper greater info you can see the video: Code: http://ferruh.mavituna.com/xssshell/demo/ and the shell: Code:

Hard disk data recovery – Recover from damaged disk? Wipe out the harddisk to avoid spying

Think of the time you take to copy a 1 GB file to the hard disk drive and the time taken to delete the same file. Doesn’t it take very

Non-persistent XSS vulnerabilities Sam’s Whois

Sam’s Whois is a free php class with supporting scripts which make adding a domain name whois lookup to your website incredibly simple. Main Features * All major tlds supported