We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http://www.zzcms.net/about/6.html
software link: https://github.com/Boomingjacob/ZZCMS/raw/main/zzcms2021.zip
PHP version > = 4.3.0
Mysql version>=4.0.0
in file admin/ad_manage.php line20:
As shown in the picture above, parameter b is directly assigned to $b.
Then, $b is directly spliced into the SQL statement in line 57, which leads to the SQL injection vulnerability.
POC:
The text was updated successfully, but these errors were encountered:
No branches or pull requests
ZZCMS2021_sqlinject_1
PoC by rerce&rpsate
ZZCMS the lastest version download page :
http://www.zzcms.net/about/6.html
software link: https://github.com/Boomingjacob/ZZCMS/raw/main/zzcms2021.zip
Environmental requirements
PHP version > = 4.3.0
Mysql version>=4.0.0
vulnerability code:
in file admin/ad_manage.php line20:
As shown in the picture above, parameter b is directly assigned to $b.
Then, $b is directly spliced into the SQL statement in line 57, which leads to the SQL injection vulnerability.
POC:
The text was updated successfully, but these errors were encountered: