Home / exploits Plogger Photo Gallery SQL Injection
Posted on 02 January 2012
ÿþ#� �P�l�o�g�g�e�r� �P�h�o�t�o� �G�a�l�l�e�r�y� �A�l�l� �V�e�r�s�i�o�n�s� �S�q�l� �V�u�l�n�e�r�a�b�i�l�i�t�y� �E�x�p�l�o�i�t� � �#� �<�/� �N�o� �P�r�i�v�8� �,� �E�v�e�r�y�t�h�i�n�g� �i�s� �P�u�b�l�i�c� �>� � �#� �D�a�t�e�:� �2�/�1�/�2�0�1�2� �-� �9�:�0�0� � �#� �A�u�t�h�o�r�:� �C�y�b�e�r� �W�h�i�t�e� �H�a�t�s� � �#� �F�i�n�d�e�d� �B�y� �:� �N�a�f�s�h� � �#� �W�e� �A�r�e� �:� �M�r�.�M�4�s�t�3�r� �,� �N�a�f�s�h� �,� �S�k�o�t�e�_�V�a�h�s�h�a�t� �,� �H�i�j�a�X� � �#� �S�u�p�p�o�r�t�:� �C�y�b�e�r�W�H�.�o�r�g�/�F�o�r�u�m� � �#� �M�a�i�l�:� �c�w�h�.�t�e�a�m�@�g�m�a�i�l�.�c�o�m� � �#� �S�o�f�t�w�a�r�e� �W�e�b�s�i�t�e�:� �h�t�t�p�:�/�/�p�l�o�g�g�e�r�.�o�r�g�/� � �#� �S�e�c�u�r�i�t�y� �R�i�s�k�:� �H�i�g�h� � �#� �P�l�a�t�f�o�r�m�:� �P�h�p� � � � �>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>� � � � �[�$�]� �D�o�r�k�s�:� �i�n�u�r�l�:�l�e�v�e�l� �"�P�o�w�e�r�e�d� �b�y� �P�l�o�g�g�e�r�!�"� �"�w�a�r�n�i�n�g�:�"� �"�m�y�s�q�l�"� � � � �[�#�]� �V�u�l�n�e�r�a�b�l�e� �F�i�l�e� �:� �"�?�l�e�v�e�l�=�p�a�t�c�h�&�i�d�=�[�s�q�l�]�"� � � � �[�$�]� �D�e�m�o� �S�i�t�e�s�:� � � � �h�t�t�p�:�/�/�c�a�l�a�h�e�.�o�r�g�/�p�h�o�t�o�s�/�i�n�d�e�x�.�p�h�p�?�l�e�v�e�l�=�a�l�b�u�m�&�i�d�=�2� � � � �h�t�t�p�:�/�/�l�e�s�l�i�e�b�a�n�d�s�.�c�o�m�/�g�a�l�l�e�r�y�.�p�h�p�?�l�e�v�e�l�=�a�l�b�u�m�&�i�d�=�2�5� � � � �h�t�t�p�:�/�/�r�i�s�c�-�w�p�.�b�e�/�p�l�o�g�g�e�r�b�2�.�1�/�i�n�d�e�x�.�p�h�p�?�l�e�v�e�l�=�c�o�l�l�e�c�t�i�o�n�&�i�d�=�1� � � � �>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>� � �<�/� �N�o� �P�r�i�v�8� �,� �E�v�e�r�y�t�h�i�n�g� �i�s� �P�u�b�l�i�c� �>� � �>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>�>� � � � �#�C�y�b�e�r�w�h�.�o�r�g�
