This exploit demonstrates SQL injection vulnerabilities in Easy Web Search v3.0 via the 'id' and 'q' parameters in 'go.php' and 'all.php' respectively. The PoC uses 'extractvalue' and 'Procedure Analyse' techniques to extract database version information.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Easy Web Search - PHP Search Engine with Image Search and Crawling System v3.0
No auth needed
Prerequisites:Access to the vulnerable web application