This exploit demonstrates a blind SQL injection vulnerability in Kronos Telestaff Web Application versions prior to 2.92EU29. The PoC includes examples for extracting database information and executing remote commands via SQL injection in the 'user' POST parameter.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:Kronos Telestaff Web Application < 2.92EU29
No auth needed
Prerequisites:Valid 'code' POST parameter · Access to the login page URL