This is a SQL injection proof-of-concept for Navis WebAccess, targeting the 'GKEY' parameter in the '/express/showNotice.do' endpoint. The exploit demonstrates error-based SQL injection techniques to trigger Oracle database errors, confirming vulnerability.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Navis WebAccess (Express/All versions)
No auth needed
Prerequisites:Access to the target web application · Oracle database backend