Totally Blind SQL Injection -- Extract admin username/password

Petros · July 2009

More information here:
http://www.zenphoto.org/trac/ticket/1183

E-mail/PM me for the exploit source and the patch for it. The exploit only works if you aren't logged in already (which a hacker probably isn't anyway) but keep that in mind if you are going to test it. I only tested it on a server with magic_quotes_gpc = off.

acrylian · July 2009

The ticket is actually enough. Please see my comment there.

sbillard · July 2009

A fix for this issue has been released and will be in the nightly build of 9 July.

Zenphoto

Quick Links

Categories

Problems? Lost?

Need project help?

Like using Zenphoto? Donate!

Totally Blind SQL Injection -- Extract admin username/password

Comments

RSS feeds!

Social networks

Join the Google Group!

Information

Legal stuff