This exploit demonstrates an authentication bypass via SQL injection in the 'grestul' cookie values. The vulnerability arises from inconsistent input sanitization between login.php (using SafeAddSlashes) and index.php (directly using cookie values without sanitization).
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Grestul (version unspecified)
No auth needed
Prerequisites:Access to the target application's login page · JavaScript execution in the victim's browser