2BGal 2.5.1 - Remote SQL Injection Vulnerability

2004-12-22T00:00:00
ID EDB-ID:25045
Type exploitdb
Reporter zib
Modified 2004-12-22T00:00:00

Description

2BGal 2.5.1 Remote SQL Injection Vulnerability. CVE-2004-1415. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/12083/info

A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information. 

http://www.example.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;--