<<< Date Index >>>     <<< Thread Index >>>

Xtreme ASP Photo Gallery




                              Tripbit Security 
Research 
                                     tripbit.org 
 
                                  Security Advisory 
 
 
                            Advisory ID: TA-150104 
                           Release Date: January 
15th, 2004 
                            Application: Xtreme ASP 
Photo Gallery 2.0 
                               Severity: Medium/High 
                                 Impact: Admin access 
                                  Class: Input 
Validation Error 
                                 Vendor: http://
www.pensacolawebdesigns.com/ 
 
 
 
Overview 
--------------------------------------------------------------------------------------
 
 
XTREME ASP Photo Gallery is a photo gallery that 
allows easy photo management and complete 
administration via a web based interface. This 
interface offers many more features than conventional 
web based photo gallery's do. With XTREME ASP Photo 
Gallery, you can configure everything including 
colors, text styles, amount of imaged displayed per 
page and much more. 
 
 
 
Details 
--------------------------------------------------------------------------------------
 
 
Xtreme ASP Photo Gallery Version 2.0 is prone to a 
common SQL injection vulnerability. The problem 
occurs when handling user-supplied username and 
password data supplied to authentication procedures. 
 
http://[host]/photoalbum/admin/adminlogin.asp 
 
If we type: 
 
Username: 'or' 
Password: 'or' 
 
we gain admin access about the password protected 
administrative pages. 
 
 
 
Recommendation 
--------------------------------------------------------------------------------------
 
 
No solution for the moment. 
 
 
 
Vendor Response 
--------------------------------------------------------------------------------------
 
 
The vendor has reportedly been notified to this 
report. 
 
 
 
Disclaimer 
--------------------------------------------------------------------------------------
 
 
The information within this paper may change without 
notice. Use of this information 
constitutes acceptance for use in an AS IS condition. 
There are NO warranties with 
regard to this information. In no event shall the 
author be liable for any damages  
whatsoever arising out of or in connection with the 
use or spread of this information. 
Any use of this information is at the user's own 
risk. 
 
 
 
Additional information 
--------------------------------------------------------------------------------------
 
 
These vulnerability have been found and researched 
by: 
 
posidron        posidron@xxxxxxxxxxx 
rushjo          rushjo@xxxxxxxxxxx 
 
You can find the last version of this warning in: 
 
http://www.tripbit.org/advisories/TA-150104.txt