Symfony2 < 2.5.4 profiler exploit
=================================

This exploit abuses a feature of Symfony2's web profiler allowing anyone to inject and explain SQL queries.


Example:
--------

    $ python sf2-profiler-sqli.py --url http://localhost/ --table example_user --columns id,username,password

The above example extracts the *id*,*username* and *password* of each *example_user* table record and display their contents.

More info
---------

[Read the related paper.](https://www.sysdream.com/exploiting-symfony2-profiler)