Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: b06-1974.htm

Invision Gallery 2.0.6 ( SQL Injection )



Invision Gallery 2.0.6 ( SQL Injection )
Invision Gallery 2.0.6 ( SQL Injection )



[left]=0D
Invision Gallery  2.0.6 ( SQL Injection )=0D
=0D
	File   :- modules/gallery/post.php=0D
	Line   :- 943=0D
    Bug By :- Devil-00=0D
=0D
    	* Welcome Back ( Security4arab ) *=0D
=0D
            Arabian Security WebSites=0D
=0D
www.s4a.cc=0D 
www.securitygurus.net=0D 
=0D
[php]=0D
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id={$this->ipsclass->input['album']}" ) );=0D
[/php]=0D
=0D
    $this->ipsclass->input['album'] = Unfilter Input=0D
=0D
    Exploit :-=0D
=0D
    	Post New Image Then Edit POST Requset By HTTPLiveHeader=0D
=0D
        	album=[SQL]=0D
=0D
Fix :-=0D
=0D
[php]=0D
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id={".intval($this->ipsclass->input['album'])."}" ) );=0D
[/php]=0D
[/left]


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH