680a0b6cea
12 changes to exploits/shellcodes WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated) Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS) Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS) Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF) OpenEMR 5.0.0 - Remote Code Execution (Authenticated) WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Grocery crud 1.6.4 - 'order_by' SQL Injection Solar-Log 500 2.8.2 - Incorrect Access Control Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated) WoWonder Social Network Platform 3.1 - Authentication Bypass
26 lines
No EOL
1,002 B
Text
26 lines
No EOL
1,002 B
Text
# Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
|
||
# Date: 05–02–2021
|
||
# Exploit Author: Avinash R
|
||
# Vendor Homepage: https://zenar.io/
|
||
# Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8
|
||
# Version: 8.8.52729
|
||
# Tested on: Windows 10 Pro (No OS restrictions)
|
||
# CVE : CVE-2021–27673
|
||
# Reference: https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38
|
||
|
||
##### Step To Reproduce #####
|
||
|
||
1) Login to the admin page of Zenario CMS with admin credentials, which is
|
||
http://server_ip/zenario/admin.php
|
||
|
||
2) Click on, New → HTML page to create a new sample page and intercept it
|
||
with your interceptor.
|
||
|
||
3) Just a single quote on the 'cID' parameter will confirm the SQL
|
||
injection.
|
||
|
||
4) After confirming that the 'cID' parameter is vulnerable to SQL
|
||
injection, feeding the request to SQLMAP will do the rest of the work for
|
||
you.
|
||
|
||
############ End ############ |