This exploit demonstrates a PHP object injection vulnerability in PHP-Fusion 9.03.60, which is leveraged to achieve SQL injection. It uses a time-based blind SQL injection technique to dump the contents of the user table, including sensitive information like passwords and emails.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:PHP-Fusion v9.03.60
No auth needed
Prerequisites:Access to the target URL · PHP environment to generate payloads