------------------------------------------------------------------------
Software................TCExam 11.1.029
Vulnerability...........SQL Injection
Threat Level............Serious (3/5)
Download................http://www.tcexam.org/
Discovery Date..........5/2/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A SQL injection vulnerability in TCExam 11.1.029 can be exploited to
extract arbitrary data.
--PoC--
http://localhost/tcexam/admin/code/tce_xml_user_results.php?lang=&user_id=1&startdate=[SQL]&enddate=[SQL]&order_field=[SQL]
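
Added example, not part of the original advisory and not TCExam's own code: one way to handle the parameters named in the PoC so that none of them reaches the SQL text unvalidated. The date format, the table name and the column names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of sortable columns (not taken from TCExam's schema).
const ORDER_FIELDS = ['result_time', 'user_name', 'score'];

// Accept only a real date-time in the assumed 'Y-m-d H:i:s' format.
function parse_datetime_param(string $raw): string
{
    $fmt = 'Y-m-d H:i:s';
    $dt = DateTimeImmutable::createFromFormat('!' . $fmt, $raw);
    // The round-trip comparison rejects overflow dates such as 2011-02-31.
    if ($dt === false || $dt->format($fmt) !== $raw) {
        throw new InvalidArgumentException('invalid date');
    }
    return $raw;
}

// Identifiers cannot be bound as parameters, so ORDER BY uses an allow-list.
function parse_order_field(string $raw): string
{
    if (!in_array($raw, ORDER_FIELDS, true)) {
        throw new InvalidArgumentException('invalid order_field');
    }
    return $raw;
}

// Returns [sql, params] for PDO::prepare() / PDOStatement::execute().
function build_results_query(array $get): array
{
    $userId = filter_var($get['user_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        throw new InvalidArgumentException('invalid user_id');
    }
    $params = [
        ':uid'   => $userId,
        ':start' => parse_datetime_param((string)($get['startdate'] ?? '')),
        ':end'   => parse_datetime_param((string)($get['enddate'] ?? '')),
    ];
    $order = parse_order_field((string)($get['order_field'] ?? ''));
    // 'results' and its columns are hypothetical names.
    $sql = "SELECT * FROM results WHERE user_id = :uid AND result_time BETWEEN :start AND :end ORDER BY $order";
    return [$sql, $params];
}

// Constructed sample input mirroring the PoC's parameter names.
$ok = ['user_id' => '1', 'startdate' => '2011-01-01 00:00:00', 'enddate' => '2011-12-31 23:59:59', 'order_field' => 'score'];
print_r(build_results_query($ok));
try {
    build_results_query(['order_field' => 'not_a_column'] + $ok);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```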