<<< Date Index >>>     <<< Thread Index >>>

Phpwebgallery <= 1.4.1 SQL injection Vulnerability



Moroccan Security Team (|ucif3r)
Greetz To All Freind

Phpwebgallery 1.4.1 is vulnerable to SQL Injection  Attacks

The flaw is due to input validation errors in the "category.php" script when 
handling the "search"variables, which could be exploited by malicious people to 
conduct SQL injection attacks.

Exploit: 

http://localhost/phpwebgallery/category.php?cat=search&search=[SQL]

t4h4[at]linuxmail[dot]com :D