This exploit demonstrates a SQL injection vulnerability in the 'addlink.php' script, allowing an attacker to extract admin credentials (email and password) via a UNION-based SQLi attack. The payload concatenates the email and password fields with a '>' separator for easy extraction.
Classification
Working Poc 90%
Target:
list Web (addlink.php)
No auth needed
Prerequisites:
Target must have vulnerable 'addlink.php' script exposed · SQL injection vulnerability must be present in the 'id' parameter