Today I will explain an exploit of Privilege Escalation in Wowonder CMS.
First we need firefox (v56.0.2 or earlier) and then download hackbar: https://addons.mozilla.org/es/firefox/addon/hackbar/
Note: If the bar does not appear, press F9 to make it appear and disappear.
Once everything is ready, we use the following dork, to search for pages with this CMS:
inurl: "? link1 = welcome"
Once we have set our goal, we will proceed to register and once everything is completed, what we will do is load the url in hackbar and activate the POST data, and the part of the url of the goal we add: requests.php?f=save_user_location
And in the post data part we add: lat = 0000\&lng=, admin=CHAR (49) WHERE username = CONCAT () -- 0
Between parentheses of CONCAT (), we add our converted user to MySQL CHAR, and then they give it to execute and they will have to throw the answer code 200, which means that the exploit worked, now we are going to / admin-cp and ready .