# Exploit Title: Tiny Tiny RSS Blind SQL Injection # Date: 15-02-2016 # Software Link: http://tt-rss.org/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps 1. Description $item_id inside process_category_order() is not properly escaped. We control this value using $_POST['payload']. http://security.szurek.pl/tiny-tiny-rss-blind-sql-injection.html 2. Proof of Concept Login as regular user.
3. Solution: Update to version a5556c2471973e292dce615fe0c77fdbbc54405b # Iranian Exploit DataBase = http://IeDb.Ir [2016-02-19]