stockboxphoto SQLi

2018.05.25

Arm_Legi (CH)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Powered by Lightbox™ Gallery Software index.php?category=

################################################
# Exploit Title: stockboxphoto SQLi							#
# dork : Powered by Lightbox™ Gallery Software index.php?category=	#
# Exploit Author: Arm_Legi (Anonplus, http://anonplus.tk/)                   #
# Date: 17 May 2018                                                                          #
# Vendor : http://www.stockboxphoto.com/	                                        #
# Version : last				                                                        #
# CVE: N/A										        #				
################################################

Technical Details & Description:
================================
A remote sql-injection web vulnerability has been discovered in a web app of www.stockboxphoto.com
The vulnerability allows remote attackers to inject own malicious sql commands to compromise the connected web-server or dbms.

Request Method(s):
[+] GET

Vulnerable File(s):
[+] index.php

Vulnerable Parameter(s):
[+] category

================================

PoC:

https://site.site/index.php?category=gallery(SQLi)&start=0
https://site.site/LightBox/index.php?category=gallery(SQLi)&start=0

================================
I try to contact the developer with no response !
Ps
You can Request with POST Method too !

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

stockboxphoto SQLi

Dork: Powered by Lightbox™ Gallery Software index.php?category=

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

stockboxphoto SQLi

Dork: Powered by Lightbox™ Gallery Software index.php?category=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.