Date: 3 Apr 2006 14:07:26 -0000
From: t4h4@linuxmail.org
To: bugtraq@securityfocus.com
Subject: Phpwebgallery <= 1.4.1 SQL injection Vulnerability
X-Virus-Scanned: antivirus-gw at tyumen.ru
Moroccan Security Team (|ucif3r)
Greetz To All Freind
Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks
The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attacks.
Exploit:
http://localhost/phpwebgallery/category.php?cat=search&search=[SQL]
t4h4[at]linuxmail[dot]com :D
