securityvulns SECURITYVULNS:DOC:15228
Nov 27, 2006 - 12:00 a.m.

ClickGallery SQL Injection

#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#-----------------------------------------------------------
#Software: Click Gallery
#Method: SQL Injection And XSS
#Vendor:ClickGallery.net

#PoC:

#http://target/view_gallery.asp?gallery_id=809&currentpage=[SQL Injection]
#http://target/view_gallery.asp?gallery_id=[SQL injection]
#http://target/download_image.asp?image_id=[SQL Injection]
#http://target/gallery.asp?currentpage=[SQL Injection]
#http://target/view_recent.asp?currentpage=[SQL Injection]
#http://target/gallery.asp?currentpage=2&orderby=[SQL Injection]

#XSS is possible through the search function: a script submitted as the search term is executed.
#Example search input: <script>alert('Aria-Security')</script>

#Contact: [email protected]
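
A defender-side check for the parameters listed above, as an added example that is not part of the Aria-Security advisory: it flags logged requests to the four listed pages whose parameters are not plain integers (or, for orderby, a bare identifier). The expected value types, the log field layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameters named in the advisory. Treating the id/page values as
# unsigned integers and orderby as a bare column name is an ASSUMPTION about
# the application; the advisory does not state the expected types.
INT = re.compile(r"\d{1,10}")
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}")
RULES = {
    "/view_gallery.asp": {"gallery_id": INT, "currentpage": INT},
    "/download_image.asp": {"image_id": INT},
    "/gallery.asp": {"currentpage": INT, "orderby": IDENT},
    "/view_recent.asp": {"currentpage": INT},
}

def check_request(uri):
    """Return [(param, decoded_value)] for listed parameters that break their type."""
    parts = urlsplit(uri)
    rules = RULES.get(parts.path.lower())
    if rules is None:
        return []
    bad = []
    # parse_qsl URL-decodes, so percent-encoded input is checked in decoded form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        pattern = rules.get(name.lower())
        if pattern is not None and not pattern.fullmatch(value):
            bad.append((name.lower(), value))
    return bad

def scan_log(lines):
    """Scan lines laid out as: date time c-ip method uri-stem uri-query status."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # header or malformed line
        query = "" if fields[5] == "-" else fields[5]
        findings = check_request(fields[4] + "?" + query)
        if findings:
            hits.append((number, fields[2], findings))
    return hits

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    "2006-11-27 10:00:01 192.0.2.10 GET /gallery.asp currentpage=2&orderby=title 200",
    "2006-11-27 10:00:02 192.0.2.44 GET /view_gallery.asp gallery_id=809%27 500",
    "2006-11-27 10:00:03 192.0.2.44 GET /gallery.asp currentpage=2&orderby=x%20y 500",
    "2006-11-27 10:00:04 192.0.2.10 GET /download_image.asp image_id=15 200",
]
```

The same type rules can be enforced in the application before any query is built; flagged log lines only show where that enforcement is missing.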