Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal – PlanetCreator’s Security Team and Hackers Group

Home / Hacking, News, Security / Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

September 2, 2010 PlanetCreator 0 Comments 0 tags

Security Researcher $@T0R! reported another Critical SQL Injection in http://www.ecovisionjournal.com – Weekly Journal

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typedÂ and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to webmaster:

These are some info and screenshots from vul site:

5.0.45-community-nt:[email protected]:ecobase

Tables eco_comment_type,eco_mail_list,eco_month_list,eco_poll_qus,eco_reader_digest, eco_tbl_applicant,eco_tbl_article,eco_tbl_category,eco_tbl_comment,eco_tbl_coverstory, eco_tbl_data,eco_tbl_health,eco_tbl_interview,eco_tbl_issue,eco_tbl_joke,eco_tbl_member, eco_tbl_news,eco_tbl_product,eco_tbl_yzone,eco_vote_ans,eco_year_list

Columns
id,type,NO,name,mail,ID,mName,yID,pno,pTitle,RID,Header,Pic,issue,rate,shortnotes, detaildata,appNo,Name,DOB,NRC,Address,Email,Education,Skill,Experience,CurrentJob, Company,Office,AppliedFor,Shift,CurrentSalary,ExpectedSalary,ContactNo,Photograph, ApplyTo,ID,title,apath,Img,issue,rate,shortnotes,ID,cName,id,comment,type_id, time,Isshow,volume

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Double Your Defense with a Double Firewall

If you have a home network router, your computer and other computers on the network (such as your spouseâ€™s laptop and your childrenâ€™s computer) are protected from the outside world.

critical SQL injection (vulnerability) on Burmese Classic http://www.burmeseclassic.com

PlanetCreator.Netâ€™s Security Team member zai22 reported another critical SQL injection (vulnerability) on Burmese Classic http://www.burmeseclassic.com SQL injection is a code injection technique that exploits a security vulnerability occurring in the

10 steps you can take to improve your online security

1. Ensure that you login to an official site * Ensure that you login to an official site (eg. http://www.planetcreator.net) 2. Choose passwords that are hard to guess. Avoid using

[webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution
on January 17, 2026 at 12:00 am
Siklu EtherHaul Series EH-8010 - Remote Command Execution
[webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
on January 17, 2026 at 12:00 am
Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
[webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
on January 17, 2026 at 12:00 am
RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
on December 25, 2025 at 12:00 am
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
[webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
on December 25, 2025 at 12:00 am
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie