TUCoPS :: Web BBS :: Frequently Exploited :: b06-1974.htm

Invision Gallery 2.0.6 ( SQL Injection )



[left]
Invision Gallery 2.0.6 ( SQL Injection )

	File   :- modules/gallery/post.php
	Line   :- 943
	Bug By :- Devil-00

	* Welcome Back ( Security4arab ) *

	Arabian Security WebSites

www.s4a.cc
www.securitygurus.net

[php]
// modules/gallery/post.php, line 943: the 'album' request parameter is pasted
// straight into the WHERE clause, unquoted and without an integer cast.
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id={$this->ipsclass->input['album']}" ) );
[/php]

    $this->ipsclass->input['album'] is unfiltered input. Because it is interpolated into an unquoted numeric comparison (album_id=...), anything that follows the album number becomes part of the SQL statement; no quote character is needed, so escaping quotes would not help here.

    Exploit :-

    	Post a new image, then edit the POST request (for example with the Live HTTP Headers Firefox extension) so that the album field reads

        	album=[SQL]

Fix :-

[php]
// Cast the parameter to an integer before it reaches the query; intval()
// reduces any non-numeric payload to its leading integer (or 0).
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => 'album_id=' . intval( $this->ipsclass->input['album'] ) ) );
[/php]
[/left]
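As an added example (written for this page; it is not the advisory's code and not Invision Gallery's), the Python script below reproduces the flaw against an in-memory SQLite table with constructed sample rows. `count_vulnerable` mirrors the post.php construct, `count_fixed_intval` mirrors the advisory's fix, and `count_fixed_param` adds a bound parameter on top of the cast. The `escape_quotes` and `intval` helpers are assumed stand-ins (not IPB's functions): the first shows why quote escaping is irrelevant for a value that lands in an unquoted numeric context, the second imitates PHP's intval() for strings. The last two assertions in the usage section also show that the COUNT result doubles as a boolean oracle for blind inference, which the advisory does not spell out.

```python
import re
import sqlite3

# Constructed sample data (not from the advisory): album 1 has two images,
# album 2 has two, album 3 has one.
SAMPLE_IMAGES = [(1, 1), (2, 1), (3, 2), (4, 2), (5, 3)]  # (id, album_id)


def make_db():
    """Build an in-memory stand-in for the gallery_images table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE gallery_images (id INTEGER PRIMARY KEY, album_id INTEGER)")
    conn.executemany("INSERT INTO gallery_images VALUES (?, ?)", SAMPLE_IMAGES)
    return conn


def escape_quotes(value):
    """Assumed generic input filter that backslash-escapes quote characters.
    This is a stand-in, not IPB's code. It is here to show that quote
    escaping does nothing for a value used in an unquoted numeric context."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def count_vulnerable(conn, album):
    """Mirrors the post.php construct: the 'album' parameter is interpolated
    into the WHERE clause as-is (after the useless quote escaping)."""
    sql = f"SELECT COUNT(*) AS total FROM gallery_images WHERE album_id={escape_quotes(album)}"
    return conn.execute(sql).fetchone()[0]


def intval(value):
    """PHP-style intval() for strings: leading optional sign and digits, else 0."""
    m = re.match(r"\s*[+-]?\d+", str(value))
    return int(m.group(0)) if m else 0


def count_fixed_intval(conn, album):
    """The advisory's fix: cast to an integer before interpolating."""
    sql = f"SELECT COUNT(*) AS total FROM gallery_images WHERE album_id={intval(album)}"
    return conn.execute(sql).fetchone()[0]


def count_fixed_param(conn, album):
    """Stronger form: integer cast plus a bound parameter, so the value never
    becomes part of the SQL text at all."""
    row = conn.execute(
        "SELECT COUNT(*) AS total FROM gallery_images WHERE album_id=?",
        (intval(album),),
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1"  # the [SQL] part of album=[SQL]; no quotes needed
    print("legit album=1            ->", count_vulnerable(db, "1"))
    print("vulnerable, payload      ->", count_vulnerable(db, payload))
    print("intval fix, payload      ->", count_fixed_intval(db, payload))
    print("param fix, payload       ->", count_fixed_param(db, payload))
    # The count is a boolean oracle: true condition keeps album 1's count,
    # false condition drops it to 0.
    oracle_true = "1 AND (SELECT COUNT(*) FROM gallery_images)>4"
    oracle_false = "1 AND (SELECT COUNT(*) FROM gallery_images)>5"
    print("oracle, true condition   ->", count_vulnerable(db, oracle_true))
    print("oracle, false condition  ->", count_vulnerable(db, oracle_false))
```

The two fixed variants agree on every payload; the parameterised one is preferable in new code because it does not rely on remembering the cast at every call site, while the intval() form is the minimal patch that fits the IPB 2.x `simple_construct` string-building style shown above.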
