This exploit demonstrates a SQL injection vulnerability in Schoolhos CMS Beta 2.29. The PoC shows how to inject a UNION-based SQL query to extract database version information via the 'id' parameter in the 'info' page.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Schoolhos CMS Beta 2.29
No auth needed
Prerequisites:Access to the vulnerable Schoolhos CMS instance