This is a SQL injection proof-of-concept for OPAC KpwinSQL, demonstrating an error-based SQLi vulnerability in the 'detail_num' parameter of 'zaznam.php'. The error message confirms the vulnerability by exposing a Firebird SQL syntax error.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:OPAC KpwinSQL (all versions)
No auth needed
Prerequisites:Access to the vulnerable 'zaznam.php' endpoint