This exploit demonstrates a SQL injection vulnerability in A2billing 2.x via the 'transactionID' parameter in 'agent/public/checkout_process.php'. The PoC bypasses sanitization by injecting malicious SQL syntax, resulting in information leakage.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:A2billing 2.x (including 2.1.1)
No auth needed
Prerequisites:Access to the vulnerable endpoint · Ability to send crafted POST requests