Security Researcher $@T0R! has reported another Critical SQL Injection in singforyou.net

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed  and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to webmaster:

These are some info and screenshots from vul site:

community:sing4u_sing4u@localhostsing4u_sing4u”

Table Name:
“admin,ads_data,artists,banned_ip,category,channel_comments,cometchat, cometchat_status, config,contacts, contacts_block,contests,countrycodes,downloads_log,editors_picks, email_settings,flagged_videos, flvplayer_player_config,flvplayer_player_playlists,flvplayer_player_styles, flvplayer_player_videos_list, group_invitations,group_members,group_po”

Columns Name:
“admin_id,username,password,session,ad_id,ad_name,ad_code,ad_placement, ad_category,ad_status, ad_impressions,date_added,artist_id,name,image,active,ip,comment,categoryid, category_name, category_description,date_added,category_thumb,comment_id,comment, username,channel_user, date_added,id,from,to,message,sent,read,userid,message,status,configid,”

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Investigate Google’s Gmail, Docs and other products: EPIC Petitions to FTC

Electronic Privacy Information Center (EPIC) a privacy group based in Washington, D.C filed a petition to Federal trade commission to investigate the Google’s cloud computing offerings. They asked FTC to

What are the various Trojan vectors?

A Trojan may infect any system through Trojan vectors. The most common Trojan vectors are as follows: * Email attachments * Social engineering * NetBIOS remote installation * Physical access

Unrestricted File Upload @ Web-Based Teaching System Myanmar

Critical Unrestricted File Upload vulnerability found @ Web-Based Teaching System (Myanmar) URL : http://www.wbts.com.mm Malicious Attacker can upload some file to server without permission ! And It has persistent XSS