PhotoPost PHP Pro showgallery.php Multiple Parameter SQL Injection

2005-01-03T04:08:57
ID OSVDB:12742
Type osvdb
Reporter James Bercegay()
Modified 2005-01-03T04:08:57

Description

Vulnerability Description

PhotoPost PHP Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that multiple parameters in the 'showgallery.php' script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 4.86 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PhotoPost PHP Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that multiple parameters in the 'showgallery.php' script are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/showgallery.php?cat=[INT][SQL] http://[victim]/showgallery.php?ppuser=[INT][SQL]&cat=[INT]

http://[victim]/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email, 0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500

References:

Vendor URL: http://www.photopost.com/class/ Security Tracker: 1012762 Secunia Advisory ID:13680 Related OSVDB ID: 12741 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00063-01032005 Nessus Plugin ID:16101 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0009.html ISS X-Force ID: 18745 CVE-2005-0273 Bugtraq ID: 12156