This exploit demonstrates a SQL injection vulnerability in the Yii Framework's search functionality, allowing an attacker to extract sensitive information such as usernames and passwords from the database via a crafted UNION SELECT query.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Yii Framework 1.1.8 (possibly other versions)
No auth needed
Prerequisites:A vulnerable Yii Framework application with exposed search functionality