Difference between revisions of "CVE-2021–27673 Zenario CMS 8.8.52729 SQL注入漏洞"
From PwnWiki
(Created page with "<languages /> <translate> ==影響版本== </translate> Version: 8.8.52729 ==EXP== <pre> # Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (A...") |
(Marked this version for translation) |
||
| Line 2: | Line 2: | ||
<translate> | <translate> | ||
| − | ==影響版本== | + | ==影響版本== <!--T:1--> |
</translate> | </translate> | ||
Version: 8.8.52729 | Version: 8.8.52729 | ||
Latest revision as of 09:24, 12 June 2021
影響版本
Version: 8.8.52729
EXP
# Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated) # Date: 05–02–2021 # Exploit Author: Avinash R # Vendor Homepage: https://zenar.io/ # Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 # Version: 8.8.52729 # Tested on: Windows 10 Pro (No OS restrictions) # CVE : CVE-2021–27673 # Reference: https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38 ##### Step To Reproduce ##### 1) Login to the admin page of Zenario CMS with admin credentials, which is http://server_ip/zenario/admin.php 2) Click on, New → HTML page to create a new sample page and intercept it with your interceptor. 3) Just a single quote on the 'cID' parameter will confirm the SQL injection. 4) After confirming that the 'cID' parameter is vulnerable to SQL injection, feeding the request to SQLMAP will do the rest of the work for you. ############ End ############
