uPhotoGallery (v 1.1) SQL Injection

2006-11-28T00:00:00
ID SECURITYVULNS:DOC:15241
Type securityvulns
Reporter Securityvulns
Modified 2006-11-28T00:00:00

Description

Aria-Security Team Advisory

<www.Aria-security.Com For English >

<www.Aria-Security.net For Persian >

-----------------------------------------------------------

Software: uPhotoGallery 1.1

Method: SQL injection

PoC:

http://target/slideshow.asp?img_id=290&ci=[SQL Injection]

http://target/thumbnails.asp?ci=[SQL Injection]

Contact: Advisory@aria-security.net