Security Alert to BamarTalk.com (Web Vulnerability)
24.02.10  |  SecurityTeam

Hi, BamarTalk.com’s Webmaster
This is PlanetCreator’s Security Te@am & Hackers Group, PlanetCreator has reported Critical SQL Injection vulnerability on Bamar Talk International Calling Cards – Cheap Call to Myanmar’s Website.
Informed to : ’sales@bamartalk.com’; ’support@bamartalk.com’; ‘resellers@bamartalk.com’; ‘press@bamartalk.com’; ‘bamartalk@googlemail.com’
Sent Wed 2/24/2010 7:12 AM
Some of your Web’s Data Information are as follow,
Applications: ————PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Kuala Lumpur, Singapore, [...]

Chinese schools deny Google cyber-attack links
23.02.10  |  Hacking, News

Two Chinese schools have denied the New York Times inform which they were involved in the much-discussed cyber attacks upon Google as good as during slightest 33 alternative outfits sometime last year.
On Thursday, The Times reported which the attacks had been traced to Shanghai Jiaotong University as good as Lanxiang Vocational School, claiming which the [...]

Several avast sites were defaces
23.02.10  |  Hacking, News, SecurityTeam

Last month, eight sites at once well-known anti-virus solutions avast!  Were defaces:

http://www.avast.co.za/ (mirror; date: 2010-01-22 15:06:28)
http://awast.org/ (mirror; date: 2010-02-18 18:57:27)
http://www.avast.de/ (mirror; date: 2010-02-18 18:58:01)
http://shop.avast.de/ (mirror; date: 2010-02-18 18:58:24)
http://www2.avast.de/ (mirror; date: 2010-02-18 18:59:51)
http://partner.avast.de/ (mirror; date: 2010-02-18 19:03:59)
http://demoshop.avast.de/ (mirror; date: 2010-02-18 19:03:14)
http://forum.avast.de/ (mirror; date: 2010-02-18 19:01:33)
Breaking these sites was done by a group of hackers “HcJ & [...]

Online Services
15.02.10  |  SecurityTeam

Gathering information:
(set) http://www.subnetonline.com/
(set) http://ping.eu/
(ping, dns_tools, traceroute, web_tools) http://serversniff.net/
(DIG / nslookup, whois, traceroute) http://networking.ringofsaturn.com/Tools/
(whois, dns_tools, service_scan, traceroute) http://centralops.net/co/DomainDossier.aspx
(whois, dns_tools, domain_search) http://www.whois.ws/
(whois, dns_tools) http://www.robtex.com/
(whois) http://www.ripn.net:8080/nic/whois
(whois) http://whois-search.ru/
(domain_search) http://searchdns.netcraft.com/
(ping and traceroute from all continents) http://www.wipmania.com/ru/tools/
Search Engines:
(exploit_search) http://exploitsearch.com/
(search_on_daemon) http://shodan.surtri.com/
Network scanning:
(nmap, openvas, sqlix, sqlmap, nikto, sub_domain) http://hackertarget.com/free-security-vulnerability-scans/
(scanner site structure) http://madnet.name/tools/madss/
(scanner site structure) http://defec.ru/scaner/
Selection of passwords:
(Lm, halflmchall, SHA1, md5, NTLM, WL, doublemd5, [...]

Selection of tools to automate an attack SQL Injection
14.02.10  |  Hacking, News, SecurityTeam

sqlmap (http://sqlmap.sourceforge.net/)
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase.
SQL Power Injector (http://www.sqlpowerinjector.com/)
Implemented support for: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.
Absinthe (http://www.0×90.org/releases/absinthe/index.php)
Implemented support for: Microsoft SQL Server, MSDE, Oracle, and Postgres.
bsqlbf-v2 (http://code.google.com/p/bsqlbf-v2/)
Implemented support: MySQL, Oracle, PostgreSQL and Microsoft SQL [...]

Malaysia Government DBKL Web Vulnerability (2nd)
12.02.10  |  Hacking, News, SecurityTeam

PlanetCreator has reported Critical XSS vulnerability on Official Portal of Kuala Lumpur, Malaysia Web Site,
http://www.planetcreator.net/2009/09/criti…aysia-web-site/
and
http://www.xssed.com/mirror/64058/
but nobody takes action ~~~ How come?
Hello, DBKL’s Staffs! Are you just looking for your license fees? (Yeah- I paid 300RM for my company and 100RM for your Teh Tarik (Coffe` Fees), cos if you don’t pay [...]

Burmese Hackers Hacked Georgia Government’s Web www.moh.gov.ge
12.02.10  |  Hacking, News, SecurityTeam

Burmese Hackers Group! Named (“BurmeseHackers” or “UnderGround Hackers Group @ ughackersgroup{at}gmail.com”), Hacked Georgia Gorvernment’s Web  www.moh.gov.ge ,
Really rare event, cos i’ve never heard about this hackers group before!
They attacked till server’s root, and they put some more screenshots as follow,

Open University Malaysia (OUM)’s Web Vulnerability
02.02.10  |  Hacking, News, SecurityTeam

PlanetCreator had informed OUM’s XSS Vulnerability
CODE
http://www.planetcreator.net/2009/11/critical-xss-vulnerability-on-open-university-malaysia/

But nobody cares

, How come they all wana do like this so shit! Where is OUM’s Wemaster? Sleeping @ Camp?
Yeah, Hello OUM’s Webmaster!!! Let me remind you again that your Web has MsSQL Vulnerability! Don’t you believe or Don’t you know that?
Let me [...]

Malaysia mymasjid.net.my’s Web Vulnerability, MySQL Injection
02.02.10  |  Hacking, News, SecurityTeam

PlanetCreator has reported another critical MySQL Injection (vulnerability) on www.mymasjid.net.my
This vulnerability has been alerted to :- Webmaster : azrul.alwi@gmail.com
Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Securi ty_T00L
System Time: ———— (UTC+08:00) Kuala Lumpur, Singapore, 2/01/2010 10:01:56 PM
Host IP: 202.75.48.131
Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 [...]