<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Phpwebgallery <= 1.4.1 SQL injection Vulnerability

Phpwebgallery <= 1.4.1 SQL injection Vulnerability

From: <t4h4_at_linuxmail.org>
Date: 3 Apr 2006 14:07:26 -0000

('binary' encoding is not supported, stored as-is) Moroccan Security Team (|ucif3r)
Greetz To All Freind

Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks

The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attacks.

Exploit:

http://localhost/phpwebgallery/category.php?cat=search&search=[SQL]

t4h4[at]linuxmail[dot]com :D
Received on Apr 03 2006

This message: [ Message body ]
Next message: Secunia Research: "Secunia Research: AN HTTPD Script Source Disclosure Vulnerability"
Previous message: ali_at_hackerz.ir: "SiteMan <= All version SQL injection in admin_login.asp"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos