PlanetCreator has reported another critical MySQL Injection (vulnerability) on www.mymasjid.net.my
This vulnerability has been alerted to :- Webmaster : [email protected]
Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Securi ty_T00L
System Time: ———— (UTC+08:00) Kuala Lumpur, Singapore, 2/01/2010 10:01:56 PM
Host IP: 202.75.48.131
Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
Powered-by: PHP/5.2.8
Current User: myjodoh_rule@localhost
Sql Version: 5.0.87-community
Current DB: myjodoh_mymasjid
System User: myjodoh_rule@localhost
Host Name: server1.myjodoh.net
Data Bases: information_schema
—————– myjodoh_abuheakal
—————–myjodoh_dbwiki
—————– myjodoh_doc
—————– myjodoh_list
—————– myjodoh_myjodoh
—————– myjodoh_mymasjid
—————– myjodoh_ostt1
—————– myjodoh_trans
—————– myjodoh_wikidb
—————– myjodoh_wrdp2
Tables found:
markers,tbact,tbacttemplate,tbart,tbbab,tbcountry,tbforum,tbhadith,tbhadithrs,tbkitab,tbkuliah,tbloc,tblocation,tbmasjidcor,tbmsg,tbpenceramah,tbprofile,tbquran,tbsolat,tbstate,tbsurah,tbtarikh,tbunsub,useronline
In this case, Attacker (Hacker) can easy to retrieve all user and webmaster’s info and password from Database. Yes! there have more than 30,000 (Thirty Thousand) user’s account, mail, password, info
This is screen shot
PlanetCreator