# Zenario CMS 8.8.53370 SQL注入漏洞
==EXP==
# Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection # Date: 05/02/2021 # Exploit Author: Balaji Ayyasamy # Vendor Homepage: https://zenar.io/ # Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 # Version: 8.8.53370 # Tested on: Windows 10 Pro 19041 (x64_86) + XAMPP 7.4.14 # Reference - https://edhunter484.medium.com/blind-sql-injection-on-zenario-cms-b58b6820c32d Step 1 - Login to the zenario cms with admin credentials. Step 2 - Go to modules and select plugin library. Step 3 - Select any plugin and press delete button. Copy the delete request and send it to the sqlmap. Command - sqlmap -r request.txt -p id
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容