Ananda Image Gallery - SQL Injection

EDB-ID:

13902

CVE:

N/A




Platform:

ASP

Date:

2010-06-17


Exploit Title:Ananda Image Gallery SQL Vulnerable
Vendor url:http://www.softwebsnepal.com/
Version:n/a
Price:159$
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Published: 2010-06-17
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhra hackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

Unlimited photo upload:
This software helps you to upload unlimited photo to you website.
click here for Thumbnail

Auto Thumbnail and Auto photo aspect ratio creater:
This software automatically create thumbnail of uploaded photo and also
mange aspect ratio of the uploaded photo with the thumbnail photo so there
will be no photo tear and also you can manage the compression rate of
uploaded photo.

Admin Panel:
This software comes with admin panel form where you can upload photo, create
category and subcategory.


Categories and subcategories:
Admin can create unlimited category and subcategory, it is very easy to
create any number of hierarchical categories.
click here for Thumbnail


Profile Setup :
Admin can change profile form control panel, which will appear in contact us
page.
click here for Thumbnail

Password Setup :
Admin can change password form their control panel.
click here for Thumbnail

Easy Setup:
Setting up this software is very easy. Just unzip the files and upload it to
your server. then just set one file and you are ready to go.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://[site]/gallery/default.asp?id=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r