This exploit demonstrates an SQL injection vulnerability in the XOOPS 'badliege' module. The PoC uses a crafted URL to extract admin credentials from the 'xoops_users' table via a UNION-based SQL injection.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:XOOPS 'badliege' module
No auth needed
Prerequisites:Access to the vulnerable XOOPS module