# Exploit Title: Webrun - 'P_0' SQL Injection  
# Google Dork: intitle:"Webrun"  
# Date: 23/11/2021  
# Exploit Author: Vinicius Alves  
# Vendor Homepage:  
# Version:  
# Tested on: Kali Linux 2021.3  
=-=-=-= Description =-=-=-=  
Webrun version is vulnerable to SQL Injection, applied to the P_0  
parameter used to set the username during the login process.  
=-=-=-= Exploiting =-=-=-=  
In the post request, change the P_0 value to the following payload:  
You will see some information like below:  
interactionError('ERRO: sintaxe de entrada é inválida para tipo numeric:  
\"qvvxq1qbzbq\"', null, null, null, '<b>  
=-=-=-= POC =-=-=-=  
If the return has the value 'qvvxq1qbzbq', you will be able to successfully  
exploit this.  
See an example of the complete POST parameter: