This exploit demonstrates a SQL injection vulnerability in the 'School Full CBT' application, specifically in the 'show.php' file where user input is directly used in a SQL query without proper sanitization. The provided example shows how to extract admin credentials and database information via a UNION-based SQL injection.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:School Full CBT 0.1
No auth needed
Prerequisites:Access to the vulnerable web application