ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability
ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection
Vulnerability
Published: 02 february 2004
Released: 02 february 2004
Name: Photopost PHP Pro
Affected Systems: 4.6 and prior versions
Issue: Sql Injection Vulnerability
Author: G00db0y from Zone-h Security Labs - zetalabs@xxxxxxxxxx
Vendor: http://www.photopost.com
Description
***********
Zone-h Security Team has discovered a flaw in PhotoPost PHP Pro. There is a
vulnerability in the current version (and also in prior versions) of PhotoPost
PHP Pro that allows an attacker to disclose sensitive information that could be
used to gain unauthorized access.
"PhotoPost PHP Pro lets your users upload and discuss photos in galleries that
you create as well as public and private albums that they create, and it
integrates seamlessly into your current site design. PhotoPost PHP Pro can
even use your existing forum login system (if you have one) to keep your users
from having to register twice, and our complete forum integration option lets
you display your PhotoPost albums and photos inside your vBulletin or UBB
Threads forum"
Details
*******
The problems exist due to insufficient sanitization of user-supplied data. A
remote attacker may exploit these issues to influence SQL query logic to
disclose sensitive information that could be used to gain unauthorized access.
For example try this:
http://address/directory/showphoto.php?photo=[query]
Solution:
*********
The vendor has been contacted and a patch was produced:
http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113
G00db0y from Zone-h Security Labs - zetalabs@xxxxxxxxxx
http://www.zone-h.org/en/advisories/read/id=3844/