This exploit demonstrates a SQL injection vulnerability in AlstraSoft EPay Enterprise v4.13. The PoC provides a union-based SQLi payload to extract user credentials from the `dp_members` table via the `cid` parameter in `shop.htm` or `shop.php`.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:AlstraSoft EPay Enterprise v4.13
No auth needed
Prerequisites:Access to the vulnerable `shop.htm` or `shop.php` endpoint with the `cid` parameter