Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal – PlanetCreator’s Security Team and Hackers Group

Home / Hacking, News, Security / Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

September 2, 2010 PlanetCreator 0 Comments 0 tags

Security Researcher $@T0R! reported another Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typedÂ and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to webmaster:

These are some info and screenshots from vul site:

5.0.45-community-nt:[email protected]:ecobase

Tables eco_comment_type,eco_mail_list,eco_month_list,eco_poll_qus,eco_reader_digest, eco_tbl_applicant,eco_tbl_article,eco_tbl_category,eco_tbl_comment,eco_tbl_coverstory, eco_tbl_data,eco_tbl_health,eco_tbl_interview,eco_tbl_issue,eco_tbl_joke,eco_tbl_member, eco_tbl_news,eco_tbl_product,eco_tbl_yzone,eco_vote_ans,eco_year_list

Columns
id,type,NO,name,mail,ID,mName,yID,pno,pTitle,RID,Header,Pic,issue,rate,shortnotes, detaildata,appNo,Name,DOB,NRC,Address,Email,Education,Skill,Experience,CurrentJob, Company,Office,AppliedFor,Shift,CurrentSalary,ExpectedSalary,ContactNo,Photograph, ApplyTo,ID,title,apath,Img,issue,rate,shortnotes,ID,cName,id,comment,type_id, time,Isshow,volume

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

SQLi vulnerabiltiy in irrawaddy store owned by Irrawaddy Publishing Group.

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group. These are some information from Vulneral Site http://www.irrawaddystore.com :

How to Remove Windows Genuine Advantage Notifications

Windows genuine advantage notifications occur when your computer hasn’t passed the validation test. The validation test can be failed due to being sold a pirated (non-genuine) copy of XP, or

#RefRef – Denial of Service ( DDoS ) Tool Developed by Anonymous

Anonymous is developing a new DDoS tool which is said to exploit SQL vulnerabilities to support the group’s future campaigns. So far, what they have is something that is platform

[webapps] OpenRepeater 2.1 - OS Command Injection
on December 3, 2025 at 12:00 am
OpenRepeater 2.1 - OS Command Injection
[webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
on December 3, 2025 at 12:00 am
MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
[webapps] phpIPAM 1.4 - SQL-Injection
on December 3, 2025 at 12:00 am
phpIPAM 1.4 - SQL-Injection
[webapps] phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
on December 3, 2025 at 12:00 am
phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
[webapps] Django 5.1.13 - SQL Injection
on December 3, 2025 at 12:00 am
Django 5.1.13 - SQL Injection