This exploit demonstrates a blind SQL injection vulnerability in UCCASS v1.8.1 and earlier. The vulnerability arises from unfiltered user input in the 'sid' parameter in filter.php, which is directly used in SQL queries without sanitization.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:UCCASS (Unit Command Climate Assessment and Survey System) v1.8.1 and earlier
No auth needed
Prerequisites:Access to the vulnerable UCCASS application