A python script which exploits a SQLi vulnerability in the Leipzig University Library's seat book system.
The vulnerability is closed by now.
Proof-of-concept exploit. Specify a tracking reader number to receive all bookings from that person. After that, you will receive an email with one of the bookings, then you will be asked to enter this information. To go further, add an e-mail fetching function to exploit fully automatically.
Requires pythons request library.