This is a functional SQL injection exploit for Encaps PHP Gallery, leveraging a vulnerable parameter in the shopcart.php script to perform a UNION-based SQLi attack. The PoC demonstrates the ability to extract data from the database by manipulating the item_id parameter.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Encaps PHP Gallery
No auth needed
Prerequisites:Access to the vulnerable shopcart.php endpoint