invisionGallery206.txt

Date: 06 May 2006 00:00:00
Reported by: Devil-00
Type: packetstorm
Source: packetstormsecurity.com

Invision Gallery 2.0.6 SQL Injection in modules/gallery/post.ph

`[left]  
Invision Gallery 2.0.6 ( SQL Injection )  
  
File :- modules/gallery/post.php  
Line :- 943  
Bug By :- Devil-00  
  
* Welcome Back ( Security4arab ) *  
  
Arabian Security WebSites  
  
www.s4a.cc  
www.securitygurus.net  
  
[php]  
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id={$this->ipsclass->input['album']}" ) );  
[/php]  
  
$this->ipsclass->input['album'] = Unfiltered Input  
  
Exploit :-  
  
Post a new image, then edit the POST request with HTTPLiveHeader  
  
album=[SQL]  
  
Fix :-  
  
[php]  
// Cast album to an integer before it reaches the WHERE clause  
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id=".intval($this->ipsclass->input['album']) ) );  
[/php]  
[/left]  
`
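
The unfiltered clause and the `intval()` fix side by side, as an added example that is not Invision Gallery code and not part of the advisory. The function names and sample inputs are constructed, `[SQL]` is the advisory's own placeholder, and PHP 7.1+ is assumed. It goes one step beyond the advisory by adding a strict check that rejects non-numeric values instead of silently coercing them.

```php
<?php
// Added example: all function names here are hypothetical, not Invision Gallery code.

// Vulnerable pattern from the advisory: the request value is interpolated as-is.
function where_unfiltered($album): string
{
    return "album_id={$album}";
}

// The advisory's approach: coerce to an integer before building the clause.
function where_intval($album): string
{
    return 'album_id=' . intval($album);
}

// Stricter variant: accept only a short decimal string, otherwise reject.
function parse_album_id($album): ?int
{
    if (!is_string($album) || !ctype_digit($album) || strlen($album) > 9) {
        return null;
    }
    return (int) $album;
}

function where_strict($album): ?string
{
    $id = parse_album_id($album);
    return $id === null ? null : "album_id={$id}";
}

// Constructed inputs: a valid id, the advisory's placeholder appended to an id,
// an empty value, and an array (what PHP builds from a parameter named album[]).
$samples = ['7', '7 [SQL]', '', ['7']];

foreach ($samples as $raw) {
    printf("input %s\n", is_array($raw) ? 'array' : var_export($raw, true));
    if (!is_array($raw)) {
        printf("  unfiltered: %s\n", where_unfiltered($raw));
    }
    printf("  intval:     %s\n", where_intval($raw));
    printf("  strict:     %s\n", where_strict($raw) ?? 'rejected');
}
```

`intval()` keeps the clause numeric but maps malformed input to some integer (`'7 [SQL]'` becomes 7, an empty string becomes 0, a non-empty array becomes 1), so the strict variant is the one that lets the caller log and refuse a tampered request.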
