Critical Blind SQL Injection and Persistent XSS Vulnerability in Airmandalay http://www.airmandalay.com

Home / Hacking, News, Security / Critical Blind SQL Injection and Persistent XSS Vulnerability in Airmandalay http://www.airmandalay.com

August 29, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator has reported another Critical Blind SQL Injection and Persistent XSS Vulnerability in Myanmar (Burma) Domestic and International Airline, Myanmar Domestic Flight http://www.airmandalay.com

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typedÂ and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

This is critical and reported to [email protected], [email protected], [email protected]

These are some screenshots from vul site:

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Burmese Hackers Hacked Georgia Governmentâ€™s Web www.moh.gov.ge

Burmese Hackers Group! Named (â€œBurmeseHackersâ€ or â€œUnderGround Hackers Group @ ughackersgroup{at}gmail.comâ€), Hacked Georgia Gorvernmentâ€™s WebÂ www.moh.gov.ge , Really rare event, cos iâ€™ve never heard about this hackers group before! They

Social Engineering is no science, it is pure trickery!

The term â€œSocial Engineeringâ€ sounds like a serious academic subject on reforming a wayward society! Alas, far from the truth, it is pure and simple trickery, a con job. The

Critical SQL Injection in Myanmar Calendar

PlanetCreator‘s Security Team Researcher Infofreakzzz reported another Critical SQL injection (vulnerability) on Myanmar Calendar URL : http://www.myanmarcalendar.org/ SQL injection is a code injection technique that exploits a security vulnerability occurring

[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
on March 3, 2026 at 12:00 am
Boss Mini v1.4.0 - Local File Inclusion (LFI)
[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
on March 3, 2026 at 12:00 am
mailcow 2025-01a - Host Header Password Reset Poisoning
[webapps] WeGIA 3.5.0 - SQL Injection
on March 3, 2026 at 12:00 am
WeGIA 3.5.0 - SQL Injection
[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
on March 3, 2026 at 12:00 am
Easy File Sharing Web Server v7.2 - Buffer Overflow
[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
on March 3, 2026 at 12:00 am
WordPress Backup Migration 1.3.7 - Remote Command Execution