ZZCMS2021_sqlinject_1
PoC by rerce&rpsate
ZZCMS latest version download page:
http://www.zzcms.net/about/6.html
Software link: https://github.com/Boomingjacob/ZZCMS/raw/main/zzcms2021.zip
Environmental requirements
PHP version >= 4.3.0
MySQL version >= 4.0.0
Vulnerable code:
In file admin/ad_manage.php, line 20:
As shown in the picture above, parameter b is directly assigned to $b.
Then $b is spliced directly into the SQL statement on line 57, which leads to the SQL injection vulnerability.
PoC:
- First log in to the administrator account.
- Visit http://ip/admin/ad_manage.php?b=A%27%20%26%26%20sleep(5)%23 and intercept with Burp.
- You can see that the response is delayed by 5s.
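
Added example (not ZZCMS code and not part of the original report): the splicing pattern described above next to a bound-parameter query, fed the same `b` value as the PoC URL. The table `demo_ad`, the column `bigclassname`, the 50-byte limit and both function names are assumptions for illustration; it uses PDO with in-memory SQLite (the `pdo_sqlite` extension) so it runs offline.

```php
<?php
// Added example, not ZZCMS code. Table, column and function names are hypothetical.
// In-memory SQLite keeps it self-contained; parameter binding behaves the same way
// with a MySQL prepared statement.

function build_spliced_sql(string $b): string
{
    // The pattern the report describes: the request value becomes part of the SQL text.
    return "SELECT id, title FROM demo_ad WHERE bigclassname = '" . $b . "'";
}

function find_ads(PDO $db, string $b): array
{
    // Cheap input check first (assumed limit: non-empty, at most 50 bytes).
    if ($b === '' || strlen($b) > 50) {
        return [];
    }
    // The value travels as a bound parameter and is never parsed as SQL.
    $stmt = $db->prepare('SELECT id, title FROM demo_ad WHERE bigclassname = :b');
    $stmt->execute([':b' => $b]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_ad (id INTEGER PRIMARY KEY, bigclassname TEXT, title TEXT)');
$db->exec("INSERT INTO demo_ad (bigclassname, title) VALUES ('A', 'banner one'), ('B', 'banner two')");

// The b value from the report's URL, URL-decoded as PHP does for $_GET.
$payload = urldecode('A%27%20%26%26%20sleep(5)%23');

// Spliced: the quote inside the value closes the string literal early,
// so everything after it is read as SQL. Only printed here, never executed.
echo build_spliced_sql($payload), "\n";

// Bound: the whole value is compared as a single string against bigclassname.
echo 'rows for PoC value: ', count(find_ads($db, $payload)), "\n";
echo 'rows for "A": ', count(find_ads($db, 'A')), "\n";
```

The printed statement shows where the string literal ends when the value is concatenated; the two counts show that the bound query treats the same bytes as an ordinary category name while a legitimate lookup still works.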


