Advertisement
Home arrow Search
Saturday, 22 November 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
Multiple Vulnerabilities In PhotoPost Pro PDF Print E-mail
User Rating: / 0
PoorBest 
Wednesday, 05 January 2005
www.gulftech.org/?node=research&article_id=00063-01032005
Multiple Vulnerabilities In PhotoPost Pro January 3, 2005 Vendor : All Enthusiast, Inc. URL : http://www.photopost.com/ Version : All Versions Risk : Multiple Vulnerabilities Description: PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum. If you already have a forum (vBulletin, UBB Threads, phpBB, DCForum, or InvisionBoard), you'll appreciate that PhotoPost was designed to seamlessly integrate into your site without the need for your users to register twice and maintain two logins. PhotoPost Pro is vulnerable to some serious SQL Injection issues as well as cross site scripting. An update is available and all users should upgrade now. Cross Site Scripting: PhotoPost is prone to cross site scripting in several different scripts throughout the application. Below are examples: http://path/showgallery.php?cat=[INT]&page=[XSS] http://path/showgallery.php?si=[XSS] http://path/showgallery.php?cat=[INT][XSS] http://path/showgallery.php?ppuser=[INT]&cat=[INT][XSS] This can be used to render hostile code in the context of the victims browser, or to steal cookie based credentials or other sensitive info. SQL Injection Vulnerability: There are several SQL Injection vulnerabilities in this application. Some are easy to exploit, others are not so easy. http://path/showgallery.php?cat=[INT][SQL] http://path/showgallery.php?ppuser=[INT][SQL]&cat=[INT] These SQL issues can possibly be exploited to influence SQL queries and disclose arbitrary data. These will alse cause XSS if unsuccessful. Below is an example real world exploit that pulls the password hash for the user with the user id of one from the user table. Proof Of Concept: Due to the fact that some people feel the issues in this advisory and our last PhotoPost advisory were not accurate and unexploitable we have decided to include a proof of concept. http://path/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email, 0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500 The above example is relatively harmless, but will pull the private email address of a user. This could just as easily be an admin password hash. Solution: PhotoPost 4.86 has been released to address these issues. Users should upgrade their installation as soon as possible. Credits: James Bercegay of the GulfTech Security Research Team


Comments Index (Total Messages: 0)


Post Reply
Name:Guest
Title:
Comment:



Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org - Unrestricted Information
Joomla! is Free Software released under the GNU/GPL License.
 Top!