The following is the detail about this vulnerability I found in Piwigo 11.5.0:
First, visit URL/admin.php and login, then click Album-Move. On this page, click ORDER on the right side.
Then we can see:
Select default, use Burpsuite during clicking APPLY.
Then in sqlmap:
python sqlmap.py -r post.txt -o --dbms=MySQL
See admin\cat_move.php:
Here there seems to be no confirmation of the legitimacy of the parameter $_POST[id]. And other parameters are legal so query is done.
Here is the manual injection test:
(Load successfully after sleeping 5 seconds)
Thanks for reading!
The text was updated successfully, but these errors were encountered:
The following is the detail about this vulnerability I found in Piwigo 11.5.0:
First, visit URL/admin.php and login, then click Album-Move. On this page, click ORDER on the right side.
Then we can see:
Select default, use Burpsuite during clicking APPLY.
Then in sqlmap:
python sqlmap.py -r post.txt -o --dbms=MySQL

See admin\cat_move.php:
Here there seems to be no confirmation of the legitimacy of the parameter $_POST[id]. And other parameters are legal so query is done.
Here is the manual injection test:
(Load successfully after sleeping 5 seconds)

Thanks for reading!
The text was updated successfully, but these errors were encountered: