This is a proof-of-concept for a boolean-based blind SQL injection vulnerability in Emby MediaServer. The exploit demonstrates how an unsanitized 'MediaTypes' parameter in a GET request can trigger a SQL error, confirming the vulnerability.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Emby MediaServer 3.2.5 and earlier
Auth required
Prerequisites:Access to the Emby server · Valid authentication token