Date: 2 Feb 2004 17:09:00 -0000
From: ZetaLabs <[email protected]>
To: [email protected]Subject: ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability
ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability
Published: 02 february 2004
Released: 02 february 2004
Name: Photopost PHP Pro
Affected Systems: 4.6 and prior versions
Issue: Sql Injection Vulnerability
Author: G00db0y from Zone-h Security Labs - [email protected]
Vendor: http://www.photopost.com
Description
***********
Zone-h Security Team has discovered a flaw in PhotoPost PHP Pro. There is a vulnerability in the current version (and also in prior versions) of PhotoPost PHP Pro that allows an attacker to disclose sensitive information that could be used to gain unauthorized access.
"PhotoPost PHP Pro lets your users upload and discuss photos in galleries that you create as well as public and private albums that they create, and it integrates seamlessly into your current site design. PhotoPost PHP Pro can
even use your existing forum login system (if you have one) to keep your users from having to register twice, and our complete forum integration option lets you display your PhotoPost albums and photos inside your vBulletin or UBB Threads forum"
Details
*******
The problems exist due to insufficient sanitization of user-supplied data. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.
For example try this:
http://address/directory/showphoto.php?photo=[query]
Solution:
*********
The vendor has been contacted and a patch was produced:
http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113
G00db0y from Zone-h Security Labs - [email protected]http://www.zone-h.org/en/advisories/read/id=3844/
