AOH :: HP Unsorted C :: C07-1007.HTM

ClickGallery Sql Injection



ClickGallery Sql Injection
ClickGallery Sql Injection



#Aria-Security Team Advisory
# For English > 
# For Persian > 
#-----------------------------------------------------------
#Software: Click Gallery
#Method: SQL Injection  And XSS
#Vendor:ClickGallery.net
#
#PoC:
#
#
#http://target/view_gallery.asp?gallery_id=809¤tpage=[SQL Injection] 
#http://target/view_gallery.asp?gallery_id=[SQL injection] 
#http://target/download_image.asp?image_id=[SQL Injection] 
#http://target/gallery.asp?currentpage=[SQL Injection] 
#http://target/view_recent.asp?currentpage=[SQL Injection] 
#http://taget/gallery.asp?currentpage=2&orderby=[SQL Injection] 
#
#You are able to use XSS by searching your script .
#example in Search: 
#
#Contact: Advisory@aria-security.net 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.