This exploit demonstrates a SQL injection vulnerability in Rash CMS, specifically in the contact-config.php file. The vulnerability allows an attacker to inject malicious SQL queries via the 'reciver' POST parameter, potentially leading to unauthorized data access or manipulation.
Classification
Working Poc 90%
Target:
Rash CMS
No auth needed
Prerequisites:
Access to the vulnerable Rash CMS instance · Ability to send HTTP POST requests to the target server