This exploit demonstrates a SQL injection vulnerability in Jelastic 5.4 via the 'Host' header in the authentication endpoint. The payload manipulates the SQL query to confirm boolean-based blind injection, allowing unauthorized data extraction or authentication bypass.
Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Jelastic 5.4
No auth needed
Prerequisites: Access to the target Jelastic instance · Network connectivity to the authentication endpoint