Zenario CMS 8.8.52729 – ‘cID’ SQL injection (Authenticated)

• Exploit Database
• 15 阅读

• 作者： Avinash R
  日期： 2021-06-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49988/

• # Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
  # Date: 05–02–2021
  # Exploit Author: Avinash R
  # Vendor Homepage: https://zenar.io/
  # Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8
  # Version: 8.8.52729
  # Tested on: Windows 10 Pro (No OS restrictions)
  # CVE : CVE-2021–27673
  # Reference: https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38
  
  ##### Step To Reproduce #####
  
  1) Login to the admin page of Zenario CMS with admin credentials, which is
  http://server_ip/zenario/admin.php
  
  2) Click on, New → HTML page to create a new sample page and intercept it
  with your interceptor.
  
  3) Just a single quote on the 'cID' parameter will confirm the SQL
  injection.
  
  4) After confirming that the 'cID' parameter is vulnerable to SQL
  injection, feeding the request to SQLMAP will do the rest of the work for
  you.
  
  ############ End ############