This Python script exploits a SQL injection vulnerability in Easy-Clanpage v2.01 by injecting a UNION-based query to extract user credentials (username, password, email) from the 'ecp_user' table. The exploit constructs a malicious URL with a crafted SQL payload and parses the response to display the extracted data.
Classification
Working Poc 95%
Target:
Easy-Clanpage <= v2.01
No auth needed
Prerequisites:
Target URL with vulnerable Easy-Clanpage installation · Network access to the target