PlanetCreator had reported OUM’s XSS vulnerability

http://www.planetcreator.net/2009/11/critical-xss-vulnerability-on-open-university-malaysia/

But nobody cares. How come they all wanna do like this, so shit! Where is OUM’s Webmaster? Sleeping @ Camp?

Yeah, hello OUM’s Webmaster!!! Let me remind you again that your Web has an MsSQL Vulnerability! Don’t you believe it, or don’t you know that?

Let me show you some hints!!!!

http://www.oum.edu.my

State @ne – started—-

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Kuala Lumpur, Singapore, 1/30/2010 11:01:56 PM
IP Address: ————202.76.239.80
Web Server: Apache/2.2.9 (Unix) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h PHP/5.2.6 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0
Host Name: oumdev
Installation dir: /opt/lampp/
DB_User & Pass: root::localhost
————root::linux
————::localhost
————::linux
———— pma::localhost
Databases: information_schema
———— cdcol
————granada
————kliuc_alumni
————mysql
————oumdev
————phpmyadmin
————sv_ajodl
————sv_kliucdb
———— sv_oum
————sv_oumdb
————sv_oumportal_db
————sv_oumportal_db_1609
————test

State tw0 – started


State thr33 – started

We hope that their security staff will look into this issue and fix it as soon as possible.

State – End

PlanetCreator
