Skip to content

SQL injection in cat_move.php #1010

Closed
Closed
@zongdeiqianxing

Description

Hi, I found a sql injection vulnerability in cat_move.php:
The 'move_categories' method is called when moving the album in '/admin.php?page=cat_move', but the method does not validate and filter the 'selection' and 'parent' parameters, thus causing the vulnerability.

replace any of the following parameter in POST requests to reappear the vulnerability:
selection%5B%5D=1)` and if(ascii(substr(database(),1,1))>300,1,sleep(5));%23
or
parent=1 and if(ascii(substr(database(),1,1))>300,1,sleep(5));%23

I use 'sqlmap' to reappear the vulnerability:
4
6

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions