Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-25161. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Warranty Tracking System 11.06.3 via the 'txtCustomerCode', 'txtCustomerName', and 'txtPhone' parameters. The PoC includes crafted HTTP POST requests that inject malicious SQL payloads to extract database information.
Description
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in Warranty Tracking System 11.06.3 via the 'txtCustomerCode', 'txtCustomerName', and 'txtPhone' parameters. The PoC includes crafted HTTP POST requests that inject malicious SQL payloads to extract database information.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N