|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Phpwebgallery <= 1.4.1 SQL injection Vulnerability
t4h4
linuxmail.org
Date: Mon Apr 03 2006 - 09:07:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Moroccan Security Team (|ucif3r)
Greetz To All Freind
Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks
The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attacks.
Exploit:
http://localhost/phpwebgallery/category.php?cat=search&search=[SQL]
t4h4[at]linuxmail[dot]com :D
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]