This exploit demonstrates a SQL injection vulnerability in webSPELL <= 4.01.02, allowing unauthorized editing of forum topics via crafted URL parameters. The payload bypasses authentication by injecting SQL conditions into the 'id' parameter.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:webSPELL <= 4.01.02
No auth needed
Prerequisites:Target running vulnerable webSPELL version · Access to the forum_topic endpoint