# Exploit Title: Plogger Photo Gallery Script SQL Injection Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All Versions
# Tested on: All versions are vulnerable
# Web Site: www.eyupcelik.com.tr


Issue: SQL Injection

Risk level: High

A remote attacker can execute arbitrary SQL code.

Vulnerable Page:
plog-rss.php (SQLi)


Example:
The URL-encoded GET parameter id was set to 1'" (for SQLi)


POC:
http://www.plogger.org/demo/plog-rss.php?id=1%27%22&level=collection
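
Detection check for the request above, as an added example that is not part of the original advisory: it scans web-server access logs for plog-rss.php requests whose id parameter is not a plain integer. The log lines are constructed samples, the function name is hypothetical, and treating a legitimate id as purely numeric is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /demo/plog-rss.php?id=1&level=collection HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.11 - - [01/Jan/2012:10:00:05 +0000] "GET /demo/plog-rss.php?id=1%27%22&level=collection HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.12 - - [01/Jan/2012:10:00:09 +0000] "GET /demo/index.php?id=abc HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.13 - - [01/Jan/2012:10:00:12 +0000] "GET /demo/plog-rss.php?level=collection&id=%31%2527 HTTP/1.1" 200 512 "-" "curl/7.0"
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id value is a plain ASCII integer.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_rss_requests(log_text):
    """Return (client_ip, decoded_id) for plog-rss.php hits with a non-numeric id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/plog-rss.php"):
            continue  # only the page named in the advisory
        # parse_qs percent-decodes once, so %27%22 becomes '" here; a
        # double-encoded value such as %2527 stays non-numeric and is flagged too.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_rss_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric id {value!r} to plog-rss.php")
```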


Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr