PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/

This vulnerability has been alerted to :- Webmaster of ChartNexus

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 30/05/2010 04:29:21 AM
Host IP: 64.38.15.218
Web Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b
Powered-by: PHP/5.2.6
Current User: irchart_admin@localhost
Sql Version: 5.0.90-community
System User: irchart_admin@localhost
Host Name: irelation.chartnexus.com
Database: irchart_fundamentals
—————irchart_testdb
—————irchart_shareinsight
—————information_schema

Some Tables are as follow :
Account, Adjustment, Balance, Company, Company_Modules, Country, File, Fundamentals, Hit_Rate, Hit_Referral, Image, Income, Investor_Type, Module, Page, Site, Status, Stock_Quotes, Type_Relation, User, User_Profile, User_Relation, admin, attachment, category, cnx_Company, cnx_CurrentFundamental, cnx_MarketHighlight, cnx_MarketHighlight_type, cnx_…… so on…

This is colums from admin table
email, name, password, username, ID

This is some user information from admin table
[email protected]———-Bernard————–pwd      bernard          1
[email protected]——-Tey KarShiang—-pwd      karshiang     7
[email protected]——————staff1—————–pwd      weijian2         8
[email protected]————bernard2———–pwd      bernard2     9
[email protected]—————–staff1—————–pwd      staff1         10
[email protected]————nicolas—————pwd      nicolas         11
[email protected]———-Lim Chen Nee—–pwd      chennee         12
[email protected]————samuel————–pwd      staff2         13
[email protected] ——–Crystal Goh——-pwd      CrystalGoh     14
[email protected]——–XiangHue———-pwd      xianghue         15
[email protected]————-Ee Hwa————–pwd      eehwa         16
[email protected]——–gordon ————–pwd      gordon         17
[email protected]———-admin—————pwd      admin         18
[email protected]———-michael————- pwd      michael         21

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Google Talk Cheats

With Google Talk being all the craze right now, some people hating it, and others loving it, I figured that I would post a list of tips and tricks for

Wanted: Windows Hackers

Microsoft has said it wants to get more security researchers into Redmond to demonstrate flaws in its software, and it wants them to come back every six months. In March,

SQL injection Basic Tutorial

One of the major problems with SQL is its poor security issues surrounding is the login and url strings.this tutorial is not going to go into detail on why these