Blind SQL Injection on Zenario CMS

Balaji
Feb 9, 2021


Recently I found a SQL injection vulnerability in the Zenario CMS.

Title of the Vulnerability: Blind SQL Injection

Vulnerability Class: SQL Injection

Technical Details & Description: In the Plugin Library module, the plugin deletion request is sent through the ajax.php page, which is vulnerable to blind SQL injection.

Parameter: id (POST)

Product: Zenario 8.8.52729

Steps:

1. Log in to the Zenario CMS using admin credentials.

2. After a successful login, go to the top left corner, click on the down arrow, then go to Modules and select the Plugin Library.

3. Now select any plugin; the delete button appears at the top.

4. Press the delete button and capture the request in Burp Suite.

5. Now add a ' (single quote) to the id parameter and send the request. The server responds with an SQL error.

6. Now copy the request to a text file and pass it to sqlmap. Boom!! SQL Injection
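The behaviour seen in step 5, next to a hardened handler, as an added example that is not Zenario's code or its actual fix. It uses Python with an in-memory SQLite database as a stand-in for the CMS's PHP/MySQL stack; the table name, function names and sample rows are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the CMS database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    # Hypothetical table; the real schema is not shown on the page.
    db.execute("CREATE TABLE plugin_instances (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO plugin_instances VALUES (?, ?)",
                   [(1, "banner"), (2, "menu"), (3, "footer")])
    return db


def delete_plugin_vulnerable(db, post_id):
    """'Before': the POSTed id is concatenated into the statement text."""
    sql = "DELETE FROM plugin_instances WHERE id = " + post_id
    try:
        return {"ok": True, "deleted": db.execute(sql).rowcount}
    except sqlite3.Error as exc:
        # Echoing the database error to the client is what step 5 observes.
        return {"ok": False, "error": "SQL error: %s" % exc}


def delete_plugin_hardened(db, post_id):
    """'After': accept only an ASCII integer, then bind it as a parameter."""
    if not (post_id.isascii() and post_id.isdigit()):
        # Generic message: no database detail reaches the client.
        return {"ok": False, "error": "invalid id"}
    cur = db.execute("DELETE FROM plugin_instances WHERE id = ?", (int(post_id),))
    return {"ok": True, "deleted": cur.rowcount}


def remaining(db):
    """Number of rows left in the sample table."""
    return db.execute("SELECT COUNT(*) FROM plugin_instances").fetchone()[0]


if __name__ == "__main__":
    for handler in (delete_plugin_vulnerable, delete_plugin_hardened):
        db = make_db()
        for value in ("2", "2'"):  # a normal id, then the id with a quote appended
            print(handler.__name__, repr(value), handler(db, value), remaining(db))
```

In the first handler the quote changes the statement the database parses, which is why it answers with a syntax error; in the second the value never becomes part of the SQL text.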

Reported Date: 05-02-2021

Fixed Date: 08-02-2021

Fixed Version: Zenario 8.8.53370

Reference: https://github.com/TribalSystems/Zenario/releases

CVE: CVE-2021-26830

Exploit Author: Balaji Ayyasamy (Zacco Cyber Security Research Labs)
