This exploit demonstrates a boolean-based blind SQL injection vulnerability in the 'ser' parameter of FS Thumbtack Clone's service-provider.php. The payload confirms the vulnerability by injecting a condition that evaluates to true, demonstrating the ability to manipulate the SQL query.
Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: FS Thumbtack Clone (version 24 October 17)
No auth needed
Prerequisites: Access to the vulnerable service-provider.php endpoint