2BGal 2.5.1 - SQL Injection

EDB-ID:

25045


Author:

zib

Type:

webapps


Platform:

PHP

Date:

2004-12-22


source: https://www.securityfocus.com/bid/12083/info

A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information. 

http://www.example.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;--