This exploit demonstrates a SQL injection vulnerability in WebJaxe 1.01, allowing an attacker to extract user credentials (username and password) via a crafted UNION-based SQL query. The PoC provides a clear example of exploiting the vulnerability in the 'id_contribution' parameter.
Classification
Working Poc 90%
Target:
WebJaxe 1.01
Auth required
Prerequisites:
Registered user credentials · Access to the administration.php page