The exploit demonstrates a SQL injection vulnerability in Busewe Website Marketplace Software v1.2. It provides a URL with injectable parameters (e.g., age_min, age_max) that can be manipulated to extract sensitive admin data such as credentials and permissions.
Classification
Working Poc 90%
Target:
Busewe - Website Marketplace Software v1.2
No auth needed
Prerequisites:
Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques