Wowonder CMS - Privilege Escalation

Risk: Medium
Local: No
Remote: Yes

Today I will explain an exploit of Privilege Escalation in Wowonder CMS. First we need firefox (v56.0.2 or earlier) and then download hackbar: Note: If the bar does not appear, press F9 to make it appear and disappear. Once everything is ready, we use the following dork, to search for pages with this CMS: inurl: "? link1 = welcome" Once we have set our goal, we will proceed to register and once everything is completed, what we will do is load the url in hackbar and activate the POST data, and the part of the url of the goal we add: requests.php?f=save_user_location And in the post data part we add: lat = 0000\&lng=, admin=CHAR (49) WHERE username = CONCAT () -- 0 Between parentheses of CONCAT (), we add our converted user to MySQL CHAR, and then they give it to execute and they will have to throw the answer code 200, which means that the exploit worked, now we are going to / admin-cp and ready .

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018,


Back to Top