PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Burmese Classic http://www.burmeseclassic.com

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

informed to :- webmaster

Info

Message Body:
Domain = http://www.burmeseclassic.com/EngVersion
Error Link = http://www.burmeseclassic.com/EngVersion/news_detail.php?id=27&type=1
version = 5.0.91-community-log
user = burmesec_forest@localhost
database = burmesec_en

Tables
========
buddhawin,dhamma_ans,dhamma_qus,mtv,news,photo_gallery,photo_news,sayadaw,song,tayar,thuta,video

Columns
========
BW_ID,BW_Name,BW_Link,BW_Type,BW_Title,Ans_Data,Ans_QCode,Ans_Name,Ans_Date,Qus_Code,Qus_Data,Qus_Name,Qus_Mail,Qus_Date,mtv_code,comment,title,director,starring,cover,Status,count,server_id,mtv_type,news_id,news_title,news_body,posted_date,news_type,news_more,news_img,news_status,view_count,news_source,pg_id,pg_code,pg_indexfile,pg_title,pn_id,pn_title,pn_xml,pn_createdate,SYD_ID,SYD_Name,SYD_Website,SYD_WebLink,S_ID,S_Name,S_SongType,S_FileType,S_Link,S_Title,Tayar_ID,Tayar_Title,Tayar_Sayadaw,Tayar_IsPart,Tayar_Part,Tayar_FileType,Tayar_Link,T_ID,T_Name,T_Type,T_Link,T_Title,T_Image,Movie_Code,Title,Starring,Cover,CreateDate,server_id,parts,Status,indexfile,player,2nd_server_id,review_id,Movie_Type,Subtitle

===================================================================

Note: This is 2nd Vul @ BurmeseClassic

Check out : http://www.planetcreator.net/2010/08/critical-blind-sql-injection-vulnerability-in-the-best-myanmar-website-burmeseclassic-com/

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Fake Login Page with XSS – IFRAME – | C B Bank – Online Electricity Billing Payment System(GBPS)

When XSS vulnerabilities on bank websites are exploited by phishers, is too late to undo the unwanted consequences. The phishers were able to inject a modified login form onto the

Its not just war; its cyber war! Israel and Gaza engaged in cyber war

News of cyber war fare is reported from the warzone! News bases sites, telecommunication etc are the initial targets on both sides. Israel and the Arab world are showing mastery

Buffer Overflows

Buffer Overflow Overview Buffer overflows are the classic security vulnerability that have been around since the beginning of programming, and are still occurring everywhere today. Buffer overflows are very prevalent