This exploit demonstrates a SQL injection vulnerability in OPAC EasyWeb Five 5.7 via the 'nome' parameter. It uses UNION-based techniques to extract database information, including table and column names, and leverages MySQL functions like export_set and CONCAT_WS for data exfiltration.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:OPAC EasyWeb Five 5.7
No auth needed
Prerequisites:Access to the vulnerable endpoint · MySQL database backend