This exploit demonstrates a SQL injection vulnerability in BRIM < 2.0.0, allowing an attacker to extract user credentials (loginname and password) from the brim_users table. The exploit bypasses magic_quotes_gpc and requires an authenticated account with tasks enabled.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:BRIM < 2.0.0
Auth required
Prerequisites:Authenticated account with tasks enabled