The exploit demonstrates a blind SQL injection vulnerability in ICE HRM v23.0 via the 'ob' parameter, using time-based payloads to confirm the vulnerability. It also includes a frame injection example via the 'msg' parameter.
Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: ICE HRM v23.0
No auth needed
Prerequisites: Access to the target application · Network connectivity to the target