The exploit demonstrates a SQL injection vulnerability in HotelDruid 2.2.4 via the 'anno' and 'id_utente_mod' parameters. It includes functional payloads that extract table names from the database using UNION-based SQLi techniques.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:HotelDruid 2.2.4
No auth needed
Prerequisites:Access to the vulnerable web application