header-logo
Suggest Exploit
vendor:
ASPSiteware Gallery
by:
R4dc0re
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ASPSiteware Gallery
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:aspsiteware:aspsiteware_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

ASPSiteware Gallery SQL injection Vulnerability

ASP Gallery is a web based image gallery application. It is designed to be a complete ready-to-use image listing. However, it is vulnerable to SQL injection attacks. An attacker can inject malicious SQL code into the 'iType' parameter of the 'type.asp' page, which can be used to access or modify the contents of the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Author: R4dc0re
# Exploit Title: ASPSiteware Gallery SQL injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: www.aspsiteware.com
# Category:WebApp
#Demo Link:http://www.aspsiteware.com/Gallery/
#Version:1.0
#Price:50$
#Contact: R4dc0re@yahoo.fr
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members 

Submit Your Exploit at Submit@1337db.com

###################################################################
[Product Detail]

ASP Gallery is a web based image gallery application.
Backend by Access database, ASP Gallery can store thousands of images in categories.
Each image is displayed with name and description.
You can customize ASP Gallery for the look and feel of your website.
ASP Gallery is an excellent add-on application for your web site.
It is designed to be a complete ready-to-use image listing.You just add your images.
Start posting your images online and attracting more customers to your site by using this application.
 
[Vulnerability]

SQL Injection:

http://server/Gallery/type.asp?iType=[Code]
###################################################################

Navigation

Suggest Exploit

Services By CQR