Malaysia mymasjid.net.my’s Web Vulnerability, MySQL Injection

Home / Hacking, News, Security / Malaysia mymasjid.net.my’s Web Vulnerability, MySQL Injection

February 2, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator has reported another critical MySQL Injection (vulnerability) on www.mymasjid.net.my

This vulnerability has been alerted to :- Webmaster : [email protected]

Applications: â€”â€”â€”â€” PlanetCreatorâ€™s_Universal_Advanced_Internet_Securi ty_T00L
System Time: â€”â€”â€”â€” (UTC+08:00) Kuala Lumpur, Singapore, 2/01/2010 10:01:56 PM
Host IP: 202.75.48.131
Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
Powered-by: PHP/5.2.8
Current User: myjodoh_rule@localhost
Sql Version: 5.0.87-community
Current DB: myjodoh_mymasjid
System User: myjodoh_rule@localhost
Host Name: server1.myjodoh.net

Data Bases: information_schema
—————– myjodoh_abuheakal
—————–myjodoh_dbwiki
—————– myjodoh_doc
—————– myjodoh_list
—————– myjodoh_myjodoh
—————– myjodoh_mymasjid
—————– myjodoh_ostt1
—————– myjodoh_trans
—————– myjodoh_wikidb
—————– myjodoh_wrdp2

Tables found:

markers,tbact,tbacttemplate,tbart,tbbab,tbcountry,tbforum,tbhadith,tbhadithrs,tbkitab,tbkuliah,tbloc,tblocation,tbmasjidcor,tbmsg,tbpenceramah,tbprofile,tbquran,tbsolat,tbstate,tbsurah,tbtarikh,tbunsub,useronline

In this case, Attacker (Hacker) can easy to retrieve all user and webmaster’s info and password from Database. Yes! there have more than 30,000 (Thirty Thousand) user’s account, mail, password, info

This is screen shot

Myjodoh

PlanetCreator

Explore More

Open University Malaysia (OUM)â€™s Web Vulnerability

PlanetCreator had informed OUMâ€™s XSS Vulnerability CODE http://www.planetcreator.net/2009/11/critical-xss-vulnerability-on-open-university-malaysia/ But nobody cares , How come they all wana do like this so shit! Where is OUMâ€™s Wemaster? Sleeping @ Camp? Yeah,

Zlob hacker writes love letter to Microsoft

Here’s a new way to get Microsoft to pay attention to you: slip a brief message into the malicious Trojan horse program you just wrote. That’s what an unnamed Russian

Blind SQL Injection and XSS Vulnerability in MyRingTune

PlanetCreator reported another critical SQL injection (vulnerability) on MyRingTuneÂ URL : http://www.myringtuneonline.com SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of

[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
on March 3, 2026 at 12:00 am
Boss Mini v1.4.0 - Local File Inclusion (LFI)
[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
on March 3, 2026 at 12:00 am
mailcow 2025-01a - Host Header Password Reset Poisoning
[webapps] WeGIA 3.5.0 - SQL Injection
on March 3, 2026 at 12:00 am
WeGIA 3.5.0 - SQL Injection
[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
on March 3, 2026 at 12:00 am
Easy File Sharing Web Server v7.2 - Buffer Overflow
[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
on March 3, 2026 at 12:00 am
WordPress Backup Migration 1.3.7 - Remote Command Execution