This exploit demonstrates a SQL injection vulnerability in Fifa Master XLS 2.3.2 via the 'usw' parameter in chat.php. The PoC includes a crafted HTTP request that extracts user credentials (username and password) from the database.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Fifa Master XLS 2.3.2
No auth needed
Prerequisites:Access to the chat.php endpoint · Database connectivity