For anyone using PhotoPost on their site or using a site w..

 
fmiller

External


Since: Mar 15, 2004
Posts: 45



(Msg. 1) Posted: Tue Mar 30, 2004 12:32 pm
Post subject: For anyone using PhotoPost on their site or using a site wit
Archived from groups: rec>photo>moderated

PhotoPost Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA11241

VERIFY ADVISORY:
http://secunia.com/advisories/11241/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data

WHERE:
From remote

SOFTWARE:
PhotoPost PHP Pro 4.x

DESCRIPTION:
JeiAr has reported multiple vulnerabilities in PhotoPost, which can
be exploited by malicious people to conduct Cross Site Scripting, SQL
injection, and script insertion attacks.

1) Input passed to certain parameters in various scripts isn't
properly verified before it is used in an SQL query. This can be
exploited by malicious people to manipulate SQL queries by injecting
arbitrary SQL code.

Examples:
addfav.php?photo=[SQL]
comments.php?photo=[SQL]
comments.php?photo=1&cedit=[SQL]
index.php?cat=[SQL]
showgallery.php?ppuser=[SQL]
showgallery.php?cat=[SQL]
uploadphoto.php?cat=[SQL]
useralbums.php?ppaction=delalbum&albumid=[SQL]
useralbums.php?ppaction=editalbum&albumid=[SQL]

2) Certain input passed to the script "showmembers.php" isn't
properly verified before it is returned to the user. This can be
exploited to execute arbitrary HTML or script code in a user's
browser session in context of an affected site by tricking the user
into visiting a malicious website or following a specially crafted
link.

Examples:
showmembers.php?cat=1&si=&page=7&sort=7&perpage=12&ppuser=10[code]
showmembers.php?cat=1&si=&page=7&sort=7&perpage=12&password=[code]
showmembers.php?cat=1&si=&page=7&sort=7&perpage=12&stype=1[code]
showmembers.php?cat=1&si=&page=7&sort=7&perpage=1[code]
showmembers.php?cat=1&si=&page=7&sort=1[code]
showmembers.php?cat=1&si=&page=1[code]
showmembers.php?cat=1&si=1[code]
showmembers.php?cat=1[code]

3) Certain parameters such as photo names, photo descriptions, album
names, album descriptions, and others allow URLs to be specified.
These can contain references to administrative functions, which will
be executed when an administrative user views an album with malicious
links.

The vulnerabilities have been reported in PhotoPost 4.6 and prior.

SOLUTION:
Edit the source code to ensure that input is properly verified.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
JeiAr of the GulfTech Security Research Team

ORIGINAL ADVISORY:
http://www.gulftech.org/03282004.php

--
Definition of Terror: A female Klingon with PMS.
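
For site operators checking whether the scripts named in the advisory above are receiving malformed input, here is a log triage sketch; it is an added example, not part of the original post or the advisory. It assumes an Apache-style access log and that the listed parameters are digit-only IDs (inferred from the advisory's sample values); the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script -> parameters the advisory lists. Treating them as digit-only IDs is an
# assumption based on its sample values; "si" and "password" are left out
# because the page does not show what a legitimate value looks like.
WATCHED = {
    "addfav.php": {"photo"},
    "comments.php": {"photo", "cedit"},
    "index.php": {"cat"},
    "showgallery.php": {"ppuser", "cat"},
    "uploadphoto.php": {"cat"},
    "useralbums.php": {"albumid"},
    "showmembers.php": {"cat", "page", "sort", "perpage", "ppuser", "stype"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
DIGITS = re.compile(r"[0-9]+")

def suspicious_params(url):
    """Return (script, param, decoded value) for watched params that are not all digits."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script, set())
    return [
        (script, name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if name in watched and value and not DIGITS.fullmatch(value)
    ]

def scan(lines):
    """Return (line number, script, param, value) for every suspicious request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings += [(lineno, *hit) for hit in suspicious_params(match.group(1))]
    return findings

# Constructed sample log lines (documentation IP range, made-up paths and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Mar/2004:12:40:01 -0800] "GET /gallery/showgallery.php?cat=500&ppuser=10 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [30/Mar/2004:12:41:17 -0800] "GET /gallery/comments.php?photo=1&cedit=3%27 HTTP/1.1" 200 812',
    '192.0.2.44 - - [30/Mar/2004:12:41:30 -0800] "GET /gallery/showmembers.php?cat=1&si=&page=7&sort=7&perpage=12%3Cb%3E HTTP/1.1" 200 2048',
    '192.0.2.10 - - [30/Mar/2004:12:42:02 -0800] "GET /gallery/useralbums.php?ppaction=editalbum&albumid=4 HTTP/1.1" 200 1900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit means a request deserves a closer look, not that it succeeded; the same digit-only check applied inside the PHP scripts before the value reaches a query or the page output is the kind of verification the SOLUTION section asks for.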
