TCExam 11.1.029 SQL Injection

`------------------------------------------------------------------------  
Software................TCExam 11.1.029  
Vulnerability...........SQL Injection  
Threat Level............Serious (3/5)  
Download................http://www.tcexam.org/  
Discovery Date..........5/2/2011  
Tested On...............Windows Vista + XAMPP  
------------------------------------------------------------------------  
Author..................AutoSec Tools  
Site....................http://www.autosectools.com/  
Email...................John Leitch <[email protected]>  
------------------------------------------------------------------------  
  
  
--Description--  
  
A sql injection vulnerability in TCExam 11.1.029 can be exploited to  
extract arbitrary data.  
  
  
--PoC--  
  
http://localhost/tcexam/admin/code/tce_xml_user_results.php?lang=&user_id=1&startdate=[SQL]&enddate=[SQL]&order_field=[SQL]  
`