The exploit demonstrates SQL injection vulnerabilities in Guru Auction 2.0, including a union-based SQLi for credential extraction and a blind SQLi for version enumeration. The PoC provides direct HTTP request examples targeting specific parameters.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Guru Auction 2.0
No auth needed
Prerequisites:Access to the vulnerable web application