The document describes an SQL injection vulnerability in Equipment Rental Script-1.0, specifically targeting the 'package_id' parameter. It includes a detailed payload for error-based SQLi and references the vulnerability's impact on database information theft.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:Equipment Rental Script-1.0
No auth needed
Prerequisites:Access to the vulnerable endpoint · Ability to send crafted POST requests