SQL Injection in Softbiz Image Gallery
Date: 31 Mar 2006 21:13:29 -0000
From: [email protected]
To: [email protected]
Subject: SQL Injection in Softbiz Image Gallery
X-Virus-Scanned: antivirus-gw at tyumen.ru
Hello
Vulnerable: Softbiz Image Gallery
http://www.softbizscripts.com
Exploit :
http://example.com/imagegallery/image_desc.php?id=[SQL]
http://example.com/imagegallery/template.php?provided=[SQL]
http://example.com/imagegallery/suggest_image.php?cid=[SQL]
http://example.com/imagegallery/insert_rating.php?img_id=[sql]
http://example.com/imagegallery/images.php?cid=[SQL]
Discovery by Linux_Drox
http://LeZr.Com
Best Regards ,,
