------------------------------------------------------------------------
Software................TCExam 11.1.029
Vulnerability...........SQL Injection
Threat Level............Serious (3/5)
Download................http://www.tcexam.org/
Discovery Date..........5/2/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--Description--

A sql injection vulnerability in TCExam 11.1.029 can be exploited to
extract arbitrary data.


--PoC--

http://localhost/tcexam/admin/code/tce_xml_user_results.php?lang=&user_id=1&startdate=[SQL]&enddate=[SQL]&order_field=[SQL]