פגיעות CVE-2021-27673 Zenario CMS 8.8.52729 הזרקת SQL

From PwnWiki
Revision as of 09:30, 12 June 2021 by Pwnwiki (talk | contribs) (Created page with "==גרסה מושפעת==")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎English • ‎español • ‎עברית • ‎中文(中国大陆)‎

גרסה מושפעת

Version: 8.8.52729


EXP

# Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
# Date: 05–02–2021
# Exploit Author: Avinash R
# Vendor Homepage: https://zenar.io/
# Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8
# Version: 8.8.52729
# Tested on: Windows 10 Pro (No OS restrictions)
# CVE : CVE-2021–27673
# Reference: https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38

##### Step To Reproduce #####

1) Login to the admin page of Zenario CMS with admin credentials, which is
http://server_ip/zenario/admin.php

2) Click on, New → HTML page to create a new sample page and intercept it
with your interceptor.

3) Just a single quote on the 'cID' parameter will confirm the SQL
injection.

4) After confirming that the 'cID' parameter is vulnerable to SQL
injection, feeding the request to SQLMAP will do the rest of the work for
you.

############ End ############
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021–27673_Zenario_CMS_8.8.52729_SQL注入漏洞/he&oldid=4811"