This exploit demonstrates a SQL injection vulnerability in KORA 2.7.0 via the 'cid' parameter in the 'ajax/control.php' endpoint. The PoC includes a crafted HTTP request that extracts database information (user, database name, and version) using a UNION-based SQL injection technique.
Classification:
Working PoC 95%
Target:
KORA 2.7.0
No auth needed
Prerequisites:
Access to the target web application · Network connectivity to the vulnerable endpoint