PlanetCreator has reported another critical Blind SQL Injection (vulnerability) on http://www.starinvestorrelations.com/ which owned by FiNEX Solutions Pte. Ltd. (“FiNEX Solutions”) powered by http://www.chartnexus.com/

This vulnerability has been alerted to :- Webmaster of ChartNexus

Applications: ———— PlanetCreator’s_Universal_Advanced_Internet_Security_T00L
System Time: ———— (UTC+08:00) Yangoon, Myanmar , 30/05/2010 04:29:21 AM
Host IP: 64.38.15.218
Web Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b
Powered-by: PHP/5.2.6
Current User: irchart_admin@localhost
Sql Version: 5.0.90-community
System User: irchart_admin@localhost
Host Name: irelation.chartnexus.com
Database: irchart_fundamentals
—————irchart_testdb
—————irchart_shareinsight
—————information_schema

Some Tables are as follow :
Account, Adjustment, Balance, Company, Company_Modules, Country, File, Fundamentals, Hit_Rate, Hit_Referral, Image, Income, Investor_Type, Module, Page, Site, Status, Stock_Quotes, Type_Relation, User, User_Profile, User_Relation, admin, attachment, category, cnx_Company, cnx_CurrentFundamental, cnx_MarketHighlight, cnx_MarketHighlight_type, cnx_…… so on…

This is colums from admin table
email, name, password, username, ID

This is some user information from admin table
[email protected]———-Bernard————–pwd      bernard          1
[email protected]——-Tey KarShiang—-pwd      karshiang     7
[email protected]——————staff1—————–pwd      weijian2         8
[email protected]————bernard2———–pwd      bernard2     9
[email protected]—————–staff1—————–pwd      staff1         10
[email protected]————nicolas—————pwd      nicolas         11
[email protected]———-Lim Chen Nee—–pwd      chennee         12
[email protected]————samuel————–pwd      staff2         13
[email protected] ——–Crystal Goh——-pwd      CrystalGoh     14
[email protected]——–XiangHue———-pwd      xianghue         15
[email protected]————-Ee Hwa————–pwd      eehwa         16
[email protected]——–gordon ————–pwd      gordon         17
[email protected]———-admin—————pwd      admin         18
[email protected]———-michael————- pwd      michael         21

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

10 steps you can take to improve your online security

1. Ensure that you login to an official site * Ensure that you login to an official site (eg. http://www.planetcreator.net) 2. Choose passwords that are hard to guess. Avoid using

Read More

Press Conference briefing on the possibility of being shortest man in the world!!!

This is not hacking or security news, just about my some favorite news while I’m arriving at yangon, myanmar. I’ve been here around 3 months and waiting visa approval to

Read More

Complete MySQL Injection

Credit go to sam207 TABLE OF CONTENT: #INTRO #WHAT IS DATABASE? #WHAT IS SQL INJECTION? #BYPASSING LOGINS #ACCESSING SECRET DATA #Checking for vulnerability #Find the number of columns #Addressing vulnerable

Read More