This exploit demonstrates a SQL injection vulnerability in MPS Box 0.1.8.0 via the 'uuid' parameter in 'popup.qrcode.inc.php'. The payload extracts database schema information, including table and column names, using a time-based blind SQLi technique.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:MPS Box 0.1.8.0
No auth needed
Prerequisites:Network access to the target application · The vulnerable endpoint must be accessible