SQL Injection in Softbiz Image Gallery

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL Injection in Softbiz Image Gallery
From: xx_hack_xx_2004@xxxxxxxxxxx
Date: 31 Mar 2006 21:13:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello
Vulnerable: Softbiz Image Gallery
http://www.softbizscripts.com

Exploit :
http://example.com/imagegallery/image_desc.php?id=[SQL]

http://example.com/imagegallery/template.php?provided=[SQL]

http://example.com/imagegallery/suggest_image.php?cid=[SQL]

http://example.com/imagegallery/insert_rating.php?img_id=[sql]

http://example.com/imagegallery/images.php?cid=[SQL]

Discovery by Linux_Drox

http://LeZr.Com

Best Regards ,,

Prev by Date: RE: recursive DNS servers DDoS as a growing DDoS problem
Next by Date: Re: On product vulnerability history and vulnerability complexity
Previous by thread: MyBB 1.10 New CrossSiteScripting
Next by thread: [ MDKSA-2006:064 ] - Updated MySQL packages fix logging bypass vulnerability
Index(es):
- Date
- Thread