Home
Consulting
Advisories
Software
Articles
Contact

TCExam 11.1.029 SQL Injection

Legacy Advisories

Description

A sql injection vulnerability in TCExam 11.1.029 can be exploited to extract arbitrary data.

Proof Of Concept

http://localhost/tcexam/admin/code/tce_xml_user_results.php?lang=&user_id=1&startdate=[SQL]&enddate=[SQL]&order_field=[SQL]


Copyright © 2018 AutoSec Tools LLC