You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Time-based SQL Injection can be triggered by the "sort" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.
"OR boolean-based blind - WHERE or HAVING clause" and "Time-Based" SQL Injection can be triggered by the "mid" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.
Blackh4n Reporter
Summary
Zoneminder v1.36.33 and v1.37.43 are affected by a SQL Injection vulnerability.
PoC
http://host:port/zm/index.php?sort=**if(now()=sysdate()%2Csleep(6)%2C0)**&order=desc&limit=20&view=request&request=watch&mid=1
http://host:port/zm/index.php?limit=20&mid=-1%20OR%203*2*1=6%20AND%20000322=000322&order=desc&request=watch&sort=Id&view=request
Impact
Time-based SQL Injection can be triggered by the "sort" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.
"OR boolean-based blind - WHERE or HAVING clause" and "Time-Based" SQL Injection can be triggered by the "mid" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.