The exploit demonstrates blind SQL injection vulnerabilities in Webcat CMS via the 'id' and 'web_id' parameters in 'cms_view.php'. It includes PoC URLs for both blind and non-blind SQLi, with payloads designed to extract user credentials.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Webcat CMS (version unspecified)
No auth needed
Prerequisites:Access to the vulnerable Webcat CMS instance