This is a vulnerability writeup describing a SQL injection flaw in ES Job Search Engine v3.0. The PoC demonstrates a union-based SQLi via the 'category' parameter to extract table names from the database.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:ES Job Search Engine v3.0
No auth needed
Prerequisites:Network access to the target application