Critical SQL Injection in Gulf Travels and Tours

Home / Hacking, News, Security / Critical SQL Injection in Gulf Travels and Tours

September 18, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator has reported another critical SQL Injection (vulnerability) on Gulf Tranvels and Tours : Your reliable agency in Myanmar http://www.myanmartravelsgulf.com powered by IndexMyanmar

This vulnerability has been alerted to :- ” [email protected] , [email protected] , [email protected] , [email protected], [email protected],[email protected] , [email protected] ”

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

Applications: â€”â€”â€”â€” PlanetCreatorâ€™s_Universal_Advanced_Internet_Security_T00L
System Time: â€”â€”â€”â€” (UTC+08:00) Yangoon, Myanmar , 18/09/2010 09:38:33 PM
Host IP: 198.68.161.4
Database: mmtravelsgulf

Some Tables are as follow :

gulf_welcome
gulf_visa
gulf_trip_info
gulf_trip
gulf_traveltips
gulf_transportation
gulf_route
gulf_rentcar_detail
gulf_rent_carinfo
gulf_rent_car
gulf_promotion
gulf_price
gulf_myanmar_cruise
gulf_jetty
gulf_hoteltype
gulf_hoteldetail
gulf_hotel_list
gulf_footer
gulf_flight_schedule
gulf_embassy
gulf_domestic
gulf_charter
gulf_car_service
gulf_car
gulf_boat
gulf_balloons
gulf_advertise
gulf_admin
gulf_aboutus

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Critical XSS Vulnerability in http://shwephonecard.com registered parent company is â€œMMM Network L.L.C.â€

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical XSS vulnerability on http://www.shwephonecard.comÂ registered parent company is â€œMMM Network L.L.C.â€ These are some information from Vulneral Site http://www.shwephonecard.com:

Clickjacking technique called “content extraction”

Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim’s cookies without any XSS. Clickjacking attacks have been widely adopted by attackers worldwide on popular websites

Complete MySQL Injection

Credit go to sam207 TABLE OF CONTENT: #INTRO #WHAT IS DATABASE? #WHAT IS SQL INJECTION? #BYPASSING LOGINS #ACCESSING SECRET DATA #Checking for vulnerability #Find the number of columns #Addressing vulnerable

[webapps] Lingdang CRM 8.6.4.7 - SQL Injection
on August 26, 2025 at 12:00 am
Lingdang CRM 8.6.4.7 - SQL Injection
[remote] Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
on August 26, 2025 at 12:00 am
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
[webapps] Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
on August 26, 2025 at 12:00 am
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
[webapps] StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
on August 26, 2025 at 12:00 am
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
[local] GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
on August 26, 2025 at 12:00 am
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure