You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Time-based SQL Injection can be triggered by the "sort" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.
"OR boolean-based blind - WHERE or HAVING clause" and "Time-Based" SQL Injection can be triggered by the "mid" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Learn more on MITRE.
Blackh4n Reporter
Summary
Zoneminder v1.36.33 and v1.37.43 are affected by a SQL Injection vulnerability.
PoC
http://host:port/zm/index.php?sort=**if(now()=sysdate()%2Csleep(6)%2C0)**&order=desc&limit=20&view=request&request=watch&mid=1
http://host:port/zm/index.php?limit=20&mid=-1%20OR%203*2*1=6%20AND%20000322=000322&order=desc&request=watch&sort=Id&view=request
Impact
Time-based SQL Injection can be triggered by the "sort" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.
"OR boolean-based blind - WHERE or HAVING clause" and "Time-Based" SQL Injection can be triggered by the "mid" parameter of the "/zm/index.php" endpoint. An attacker can damage all data, cause repudiation issues, and dump all the probable databases.