Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Zoo Management System 1.0 - SQL Injection

By kannthu

Vidoc logoVidoc Module

Zoo Management System 1.0 - SQL Injection

What is the "Zoo Management System 1.0 - SQL Injection?"

The "Zoo Management System 1.0 - SQL Injection" module is designed to detect a SQL injection vulnerability in the Zoo Management System 1.0 software. This vulnerability allows an attacker to potentially access sensitive information from the database, modify data, and execute unauthorized actions. The severity of this vulnerability is classified as critical.

This module was authored by dwisiswant0.


A successful SQL injection attack on the Zoo Management System 1.0 can have severe consequences. It can lead to unauthorized access to sensitive data, such as user credentials, personal information, or financial records. Additionally, an attacker can manipulate the database, potentially causing data corruption or loss.

How the module works?

The "Zoo Management System 1.0 - SQL Injection" module works by sending a crafted HTTP POST request to the target system. The request is designed to exploit the SQL injection vulnerability in the software. Here is an example of the request:

POST /zms/admin/index.php HTTP/1.1
Host: <Hostname>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
Referer: /zms/admin/index.php
Cookie: PHPSESSID=<randTextAlphanumeric(10)>


The module then applies matching conditions to the response received from the target system. It checks if the response body contains the phrases "Zoo Management System || Dashboard" and "ZMS ADMIN". Additionally, it verifies that the response status code is 200.

If all matching conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: Zoo Management System (\|\| Dashboard|@ ...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability