@WilyXem mentioned us in a tweet about a HTC POST SQL injection he found in a subdomain of their site (learning-development.htc.com).

. In the tweet he included a Pastehtml. You can view the tweet below:

He dumped a list of tables in the database “uniprosi_htc” which also included a table holding the admin credentials, “capp_admin”.

[+] DataBase Version : 5.0.45 [+] Current DataBase : uniprosi_htc [+] Others DB's : information_schema, test [+] System User : [email protected]