Phpwebgallery <= 1.4.1 SQL injection Vulnerability Apr 03 2006 02:07PM
t4h4 linuxmail org
Moroccan Security Team (|ucif3r)
Greetz To All Freind

Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks

The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attacks.

Exploit:

http://localhost/phpwebgallery/category.php?cat=search&search=[SQL]

t4h4[at]linuxmail[dot]com :D

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus