This exploit demonstrates a SQL injection vulnerability in phpwebquest-2.6 via the 'id_actividad' and 'id_pagina' parameters. The code shows how unvalidated user input is directly used in SQL queries, allowing for arbitrary SQL command execution.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:phpwebquest-2.6
No auth needed
Prerequisites:Access to the vulnerable web application endpoint