[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Phpwebgallery <= 1.4.1 SQL injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Phpwebgallery <= 1.4.1 SQL injection Vulnerability
From: t4h4@xxxxxxxxxxxxx
Date: 3 Apr 2006 14:07:26 -0000

Moroccan Security Team (|ucif3r)
Greetz To All Freind

Phpwebgallery 1.4.1 is vulnerable to SQL Injection  Attacks

The flaw is due to input validation errors in the "category.php" script when 
handling the "search"variables, which could be exploited by malicious people to 
conduct SQL injection attacks.

Exploit: 

http://localhost/phpwebgallery/category.php?cat=search&search=[SQL]

t4h4[at]linuxmail[dot]com :D

Prev by Date: SiteMan <= All version SQL injection in admin_login.asp
Next by Date: Secunia Research: AN HTTPD Script Source Disclosure Vulnerability
Previous by thread: SiteMan <= All version SQL injection in admin_login.asp
Next by thread: Secunia Research: AN HTTPD Script Source Disclosure Vulnerability
Index(es):
- Date
- Thread