Hi, BamarTalk.com’s Webmaster

This is PlanetCreator’s Security Te@am & Hackers Group, PlanetCreator has reported Critical SQL Injection vulnerability on Bamar Talk International Calling Cards – Cheap Call to Myanmar’s Website.

Informed to : ‘[email protected]’; ‘[email protected]’; ‘[email protected]’; ‘[email protected]’; ‘[email protected]

Sent Wed 2/24/2010 7:12 AM
Some of your Web’s Data Information are as follow,

Applications: ————PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Kuala Lumpur, Singapore, 2/24/2010 5:56:19 AM
Target:         http://www.bamartalk.com/information.php?info_id=1
Host IP:        67.18.18.10
Web Server:     Microsoft-IIS/6.0
Powered-by:     ASP.NET – PHP/5.2.6
Current User:     root@localhost
Current DB:     voipswitch
System User:     root@localhost
DB User & Pass:     root:*Hidden Pass for Security Reason:localhost

Table Name ———— Columns
users      ———— city, phone, login, email, password
settings   ———— id, name

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Google Talk Cheats

With Google Talk being all the craze right now, some people hating it, and others loving it, I figured that I would post a list of tips and tricks for

Read More

How does the form-based authentication scheme work?

The form-based authentication scheme works in the following manner: * A client generates a request for a protected resource (e.g. a transaction details page). * The Internet Information Server (IIS)

Read More

What is “Clickjacking“? The latest Adobe Flash clipboard hijack attack

A new Web attacks is now in the wild. It’s named clickjacking – as discussed at the OWASP NYC AppSec 2008 Conference. Clickjacking is actually clipboard hijacking by adobe flash

Read More