This exploit demonstrates a SQL injection vulnerability in Gram Post v1.0, allowing an authenticated attacker to extract user credentials via a crafted request to the `update` endpoint. The payload uses a UNION-based injection to retrieve email and password data from the `user_management` table.
Classification
Working Poc 90%
Target:
Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0
Auth required
Prerequisites:
Valid user credentials · Access to the target application