This exploit demonstrates a SQL injection vulnerability in com_hestar 1.0.0, allowing an attacker to extract user credentials from the database via a crafted HTTP request. The PoC includes a functional payload that concatenates username and password fields from the 'mos_users' table.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:com_hestar 1.0.0
No auth needed
Prerequisites:Access to the target web application · SQL injection vulnerability in the 'id' parameter