This exploit demonstrates a SQL injection vulnerability in Azaronline Design software, allowing attackers to extract admin credentials via a crafted UNION-based query. The vulnerability is present in multiple PHP scripts (e.g., news.php, sgallery.php) via the 'id' parameter.
Classification
Working Poc 90%
Target:
Azaronline Design (version unspecified)
No auth needed
Prerequisites:
Target website using Azaronline Design software · Access to vulnerable PHP scripts with 'id' parameter