This PHP script exploits a semi-blind SQL injection vulnerability in RunCms v2M1's forum module, allowing extraction of admin credentials and potential shell upload via INTO DUMPFILE. It includes authentication handling and proxy support.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:RunCms v2M1
Auth required
Prerequisites:Valid user account · Existing forum entries · MySQL 5.0+ for table prefix extraction