Vendor: Ananda Image Gallery
By: L0rd CrusAd3r aka VSN
CVSS: 7.5 HIGH
SQLi Vulnerability
CWE: 89
Product Name: Ananda Image Gallery
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Ananda Image Gallery SQL Vulnerable

Unlimited photo upload: This software helps you to upload unlimited photos to your website.
Auto Thumbnail and Auto photo aspect ratio creator: This software automatically creates a thumbnail of each uploaded photo and also manages the aspect ratio of the uploaded photo with the thumbnail photo, so there will be no photo tear, and you can also manage the compression rate of the uploaded photo.
Admin Panel: This software comes with an admin panel form where you can upload photos and create categories and subcategories.
Categories and subcategories: Admin can create unlimited categories and subcategories; it is very easy to create any number of hierarchical categories.
Profile Setup: Admin can change the profile from the control panel, which will appear on the contact us page.
Password Setup: Admin can change the password from their control panel.
Easy Setup: Setting up this software is very easy. Just unzip the files and upload them to your server, then just set one file and you are ready to go.

Mitigation:

Ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
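
One way to apply this to the `id` parameter of `default.asp`, shown as an added example that is not the vendor's code or part of the original advisory. It assumes `id` is a numeric key; the `photos` table, its columns, the `GalleryConnString` setting and the `ParseGalleryId` helper are hypothetical names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. Table, column and connection-setting names are hypothetical.
Const adCmdText = 1, adParamInput = 1, adInteger = 3   ' standard ADO values

' Accept 1-9 decimal digits only. IsNumeric() alone is too loose for this:
' it also accepts strings such as "1e5", "&H1F" or "$5".
Function ParseGalleryId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then
        ParseGalleryId = CLng(raw)      ' at most 999999999, fits in a Long
    Else
        ParseGalleryId = -1             ' missing, repeated or non-numeric id
    End If
End Function

Dim galleryId, conn, cmd, rs
galleryId = ParseGalleryId(Request.QueryString("id") & "")
If galleryId < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("GalleryConnString")   ' hypothetical application setting

' Pattern to replace: the request value is concatenated into the SQL text.
'   sql = "SELECT ... WHERE category_id = " & Request.QueryString("id")

' Parameterized form: the value is bound as an integer and never parsed as SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title, file_name FROM photos WHERE category_id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , galleryId)
Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode on output so stored titles cannot inject markup into the page.
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

Running the gallery's database login with read-only rights on the tables it displays limits what any remaining injectable query could reach.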

Exploit-DB raw data:

Exploit Title: Ananda Image Gallery SQL Vulnerable
Vendor url: http://www.softwebsnepal.com/
Version: n/a
Price: 159$
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Published: 2010-06-17
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhra hackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

Unlimited photo upload:
This software helps you to upload unlimited photos to your website.

Auto Thumbnail and Auto photo aspect ratio creator:
This software automatically creates a thumbnail of each uploaded photo and also
manages the aspect ratio of the uploaded photo with the thumbnail photo, so there
will be no photo tear, and you can also manage the compression rate of the
uploaded photo.

Admin Panel:
This software comes with admin panel form where you can upload photo, create
category and subcategory.


Categories and subcategories:
Admin can create unlimited category and subcategory, it is very easy to
create any number of hierarchical categories.


Profile Setup :
Admin can change the profile from the control panel, which will appear on the contact us
page.

Password Setup :
Admin can change the password from their control panel.

Easy Setup:
Setting up this software is very easy. Just unzip the files and upload them to
your server. Then just set one file and you are ready to go.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://[site]/gallery/default.asp?id=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r