PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/

This vulnerability has been alerted to :- Webmaster of ChartNexus

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 30/05/2010 04:29:21 AM
Host IP: 64.38.15.218
Web Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b
Powered-by: PHP/5.2.6
Current User: irchart_admin@localhost
Sql Version: 5.0.90-community
System User: irchart_admin@localhost
Host Name: irelation.chartnexus.com
Database: irchart_fundamentals
—————irchart_testdb
—————irchart_shareinsight
—————information_schema

Some Tables are as follow :
Account, Adjustment, Balance, Company, Company_Modules, Country, File, Fundamentals, Hit_Rate, Hit_Referral, Image, Income, Investor_Type, Module, Page, Site, Status, Stock_Quotes, Type_Relation, User, User_Profile, User_Relation, admin, attachment, category, cnx_Company, cnx_CurrentFundamental, cnx_MarketHighlight, cnx_MarketHighlight_type, cnx_…… so on…

This is colums from admin table
email, name, password, username, ID

This is some user information from admin table
[email protected]———-Bernard————–pwd      bernard          1
[email protected]——-Tey KarShiang—-pwd      karshiang     7
[email protected]——————staff1—————–pwd      weijian2         8
[email protected]————bernard2———–pwd      bernard2     9
[email protected]—————–staff1—————–pwd      staff1         10
[email protected]————nicolas—————pwd      nicolas         11
[email protected]———-Lim Chen Nee—–pwd      chennee         12
[email protected]————samuel————–pwd      staff2         13
[email protected] ——–Crystal Goh——-pwd      CrystalGoh     14
[email protected]——–XiangHue———-pwd      xianghue         15
[email protected]————-Ee Hwa————–pwd      eehwa         16
[email protected]——–gordon ————–pwd      gordon         17
[email protected]———-admin—————pwd      admin         18
[email protected]———-michael————- pwd      michael         21

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Hacking Computers Illegal Violation Access To Machines Cyber Crime

The term “hacking” has become one of those words today that are often frowned upon by people who occasionally have no idea what it involves. This homogenization of the signification

Read More

Extensive SQL Injection Tutorial

( This is one of the most extensive and most usefull tutorials about this subject I’ve seen read this and you’ll be sure to get a beter understanding! ) TABLE

Read More

What are the various countermeasures to a buffer overflow?

The countermeasures to a buffer overflow are as follows: * Perform manual auditing of the code. * Stack execution should be disabled. * Take the support of the functions which

Read More