The exploit demonstrates multiple vulnerabilities in DaloRadius, including SQL injection, CSRF, and XSS. It provides functional proof-of-concept code for changing admin passwords via CSRF and SQL injection via crafted GET parameters.
Classification
Working Poc 90%
Attack Type
Sqli | Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:DaloRadius (version not specified)
No auth needed
Prerequisites:Access to the DaloRadius web interface