PlanetCreator.Net’s Security Team member zai22 reported another critical SQL injection (vulnerability) on Burmese Classic http://www.burmeseclassic.com

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

informed to :- webmaster

Info

Message Body:
Domain = http://www.burmeseclassic.com/EngVersion
Error Link = http://www.burmeseclassic.com/EngVersion/news_detail.php?id=27&type=1
version = 5.0.91-community-log
user = burmesec_forest@localhost
database = burmesec_en

Tables
========
buddhawin,dhamma_ans,dhamma_qus,mtv,news,photo_gallery,photo_news,sayadaw,song,tayar,thuta,video

Columns
========
BW_ID,BW_Name,BW_Link,BW_Type,BW_Title,Ans_Data,Ans_QCode,Ans_Name,Ans_Date,Qus_Code,Qus_Data,Qus_Name,Qus_Mail,Qus_Date,mtv_code,comment,title,director,starring,cover,Status,count,server_id,mtv_type,news_id,news_title,news_body,posted_date,news_type,news_more,news_img,news_status,view_count,news_source,pg_id,pg_code,pg_indexfile,pg_title,pn_id,pn_title,pn_xml,pn_createdate,SYD_ID,SYD_Name,SYD_Website,SYD_WebLink,S_ID,S_Name,S_SongType,S_FileType,S_Link,S_Title,Tayar_ID,Tayar_Title,Tayar_Sayadaw,Tayar_IsPart,Tayar_Part,Tayar_FileType,Tayar_Link,T_ID,T_Name,T_Type,T_Link,T_Title,T_Image,Movie_Code,Title,Starring,Cover,CreateDate,server_id,parts,Status,indexfile,player,2nd_server_id,review_id,Movie_Type,Subtitle

===================================================================

Note: This is 2nd Vul @ BurmeseClassic

Check out : http://www.planetcreator.net/2010/08/critical-blind-sql-injection-vulnerability-in-the-best-myanmar-website-burmeseclassic-com/

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

What are whois queries?

Whois queries are used to determine the IP address ranges associated with clients. A whois query can be run on most UNIX environments. In a Windows environment, the tools such

Wall off the World—Install a Better Firewall in an Afternoon

More advanced firewalls can be time-consuming to install, but they are not difficult to use. Take the time to fortify your defenses. It is really worthwhile.Install a Two-way Software Firewall

Investigate Google’s Gmail, Docs and other products: EPIC Petitions to FTC

Electronic Privacy Information Center (EPIC) a privacy group based in Washington, D.C filed a petition to Federal trade commission to investigate the Google’s cloud computing offerings. They asked FTC to