PhotoPost PHP Pro uploadphoto.php cat Variable SQL Injection

2004-03-28T05:57:02
ID OSVDB:10264
Type osvdb
Reporter James Bercegay()
Modified 2004-03-28T05:57:02

Description

Vulnerability Description

PhotoPost PHP Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'cat' variable in the 'uploadphoto.php' script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 4.86 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PhotoPost PHP Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'cat' variable in the 'uploadphoto.php' script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/uploadphoto.php?cat=[SQL]

References:

Vendor URL: http://www.photopost.com/ Security Tracker: 1009571 Secunia Advisory ID:11241 Related OSVDB ID: 10261 Related OSVDB ID: 10266 Related OSVDB ID: 10263 Related OSVDB ID: 10267 Related OSVDB ID: 10262 Related OSVDB ID: 10265 Related OSVDB ID: 4771 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00036-03282004 Bugtraq ID: 9994