ClickGallery download_image.asp image_id Variable SQL Injection

2006-11-26T09:03:57
ID OSVDB:30762
Type osvdb
Reporter OSVDB
Modified 2006-11-26T09:03:57

Description

Manual Testing Notes

http://[target]/download_image.asp?image_id=[SQL Injection]

References:

Secunia Advisory ID:23136 Related OSVDB ID: 30761 Related OSVDB ID: 30765 Related OSVDB ID: 30766 Related OSVDB ID: 30763 Related OSVDB ID: 30764 Other Advisory URL: http://www.aria-security.com/forum/showthread.php?t=49 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0519.html FrSIRT Advisory: ADV-2006-4743 CVE-2006-6187