The exploit demonstrates a SQL injection vulnerability in Tiger Post v3.0.1, allowing an authenticated user to extract sensitive information (emails and passwords) from the user_management table via a crafted SQL query.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Tiger Post v3.0.1
Auth required
Prerequisites:Authenticated user access · Target application running Tiger Post v3.0.1