The exploit demonstrates a SQL injection vulnerability in Online Shop Project 1.0 via the 'p' parameter in product.php. The payload uses UNION-based SQLi to extract the MySQL data directory path (@@datadir).
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Online Shop Project 1.0
No auth needed
Prerequisites:Access to the vulnerable web application