The exploit demonstrates an SQL injection vulnerability in HAWHAW's newsread.php by injecting a UNION-based query to retrieve the database version. The attack leverages insufficient input sanitization to manipulate SQL queries.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:HAWHAW
No auth needed
Prerequisites:Access to the vulnerable endpoint (newsread.php) · SQL injection vulnerability in the storyid parameter