This exploit demonstrates a SQL injection vulnerability in BBMedia Design's software, allowing an attacker to extract sensitive data (e.g., user credentials) via a crafted UNION-based SQL query. The provided demo URL shows a practical example of exploiting the vulnerability.
Classification
Working Poc 90%
Target:
BBMedia Design's page.php (version unspecified)
No auth needed
Prerequisites:
Access to a vulnerable BBMedia Design installation · Knowledge of the target's database schema