ZZCMS2021 has a SQL injection vulnerability #1

Open
@xunyang1

ZZCMS2021_sqlinject_1

PoC by rerce&rpsate

ZZCMS latest version download page:

http://www.zzcms.net/about/6.html

Software link: https://github.com/Boomingjacob/ZZCMS/raw/main/zzcms2021.zip

Environmental requirements

PHP version >= 4.3.0

MySQL version >= 4.0.0

Vulnerable code:

In file admin/ad_manage.php, line 20:

[Image: WeChat image 20220119222533]

As shown in the picture above, parameter b is directly assigned to $b.

[Image: WeChat image 20220119222527]

Then, $b is directly spliced into the SQL statement in line 57, which leads to the SQL injection vulnerability.

POC:

  1. First log in to the administrator account
  2. Visit http://ip/admin/ad_manage.php?b=A%27%20%26%26%20sleep(5)%23 and intercept with burp.
  3. You can see that the delay is 5s.
    [Image: WeChat image 20220119222538]
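
The mitigation for the pattern reported above is to bind `b` as a query parameter instead of concatenating it into the SQL string. The following is an added example, not code from ZZCMS or from the report: the `ad` table, the `category` column and `findAdsByCategory` are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data. Table and column names are hypothetical, not ZZCMS's.
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ad (id INTEGER PRIMARY KEY, category TEXT, title TEXT)');
$pdo->exec("INSERT INTO ad (category, title) VALUES ('A', 'banner one'), ('B', 'banner two')");

/**
 * Look up ads by category with the request value bound as data,
 * so quotes and comment markers in it never reach the SQL parser as syntax.
 */
function findAdsByCategory(PDO $pdo, string $b): array
{
    // Assumed bound for a category name; reject anything outside it early.
    if ($b === '' || strlen($b) > 50) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, title FROM ad WHERE category = :b ORDER BY id');
    $stmt->execute([':b' => $b]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The value of b from step 2 of the report, URL-decoded.
$reported = urldecode('A%27%20%26%26%20sleep(5)%23');

$start = microtime(true);
$legit = findAdsByCategory($pdo, 'A');
$hostile = findAdsByCategory($pdo, $reported);
$elapsed = microtime(true) - $start;

// The reported value is compared as a literal string: it matches no category
// and adds no delay, while the legitimate value still returns its row.
printf("rows for 'A': %d\n", count($legit));
printf("rows for reported value: %d\n", count($hostile));
printf("elapsed: %.3fs\n", $elapsed);
```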
