CVE-2010-1300

This exploit demonstrates a SQL injection vulnerability in Yamamah Photo Gallery 1.00, allowing an attacker to extract admin credentials via a crafted UNION-based SQL query.

This is a writeup describing a SQL injection vulnerability in Yamamah 1.0. It provides a proof-of-concept URL demonstrating blind SQL injection but does not include functional exploit code.

The provided text describes multiple vulnerabilities in Yamamah Version 1.00, including a reinstallation of admin information and a blind SQL/XPath injection. It provides URLs to exploit these vulnerabilities but does not include executable code.

The exploit demonstrates SQL injection and local file inclusion vulnerabilities in Yamamah 1.00. It includes functional payloads for blind SQLi and file disclosure via the 'download' and 'news' parameters.