source: http://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and password values before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries. http://www.example.com/photoalbum/admin/adminlogin.asp If we type: Username: 'or' Password: 'or' We gain admin access about the password protected administrative pages.
Related ExploitsTrying to match CVEs (1): CVE-2004-2746
Trying to match OSVDBs (1): 3585
Other Possible E-DB Search Terms: XtremeASP PhotoGallery 2.0, XtremeASP PhotoGallery