Malaysia mymasjid.net.my’s Web Vulnerability, MySQL Injection

Home / Hacking, News, Security / Malaysia mymasjid.net.my’s Web Vulnerability, MySQL Injection

February 2, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator has reported another critical MySQL Injection (vulnerability) on www.mymasjid.net.my

This vulnerability has been alerted to :- Webmaster : [email protected]

Applications: â€”â€”â€”â€” PlanetCreatorâ€™s_Universal_Advanced_Internet_Securi ty_T00L
System Time: â€”â€”â€”â€” (UTC+08:00) Kuala Lumpur, Singapore, 2/01/2010 10:01:56 PM
Host IP: 202.75.48.131
Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
Powered-by: PHP/5.2.8
Current User: myjodoh_rule@localhost
Sql Version: 5.0.87-community
Current DB: myjodoh_mymasjid
System User: myjodoh_rule@localhost
Host Name: server1.myjodoh.net

Data Bases: information_schema
—————– myjodoh_abuheakal
—————–myjodoh_dbwiki
—————– myjodoh_doc
—————– myjodoh_list
—————– myjodoh_myjodoh
—————– myjodoh_mymasjid
—————– myjodoh_ostt1
—————– myjodoh_trans
—————– myjodoh_wikidb
—————– myjodoh_wrdp2

Tables found:

markers,tbact,tbacttemplate,tbart,tbbab,tbcountry,tbforum,tbhadith,tbhadithrs,tbkitab,tbkuliah,tbloc,tblocation,tbmasjidcor,tbmsg,tbpenceramah,tbprofile,tbquran,tbsolat,tbstate,tbsurah,tbtarikh,tbunsub,useronline

In this case, Attacker (Hacker) can easy to retrieve all user and webmaster’s info and password from Database. Yes! there have more than 30,000 (Thirty Thousand) user’s account, mail, password, info

This is screen shot

Myjodoh

PlanetCreator

Explore More

SQL Injection Attacks and Prevent

Introduction Security in software applications is an ever more important topic. In this article, I discuss various aspects of SQL Injection attacks, what to look for in your code, and

Selection of tools to automate an attack SQL Injection

sqlmap (http://sqlmap.sourceforge.net/) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase. SQL Power Injector (http://www.sqlpowerinjector.com/) Implemented support for: Microsoft SQL Server,

What are the general classes of hackers?

Hackers are categorized into the following classes: * Black Hat Hackers (Crackers): These are persons who are computer specialists and use their hacking skills to carry out malicious attacks on

[local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
on April 22, 2025 at 12:00 am
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
[webapps] WordPress Core 6.2 - Directory Traversal
on April 22, 2025 at 12:00 am
WordPress Core 6.2 - Directory Traversal
[local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
on April 22, 2025 at 12:00 am
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
[remote] OpenSSH server (sshd) 9.8p1 - Race Condition
on April 22, 2025 at 12:00 am
OpenSSH server (sshd) 9.8p1 - Race Condition
[remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
on April 22, 2025 at 12:00 am
WonderCMS 3.4.2 - Remote Code Execution (RCE)