PhotoPost Pro misc.php Administrator Email Flood DoS
2005-03-11T05:40:19
ID OSVDB:14680 Type osvdb Reporter Igor Franchuk(sprog@online.ru) Modified 2005-03-11T05:40:19
Description
Vulnerability Description
PhotoPost Pro contains a flaw that may allow a remote denial of service. The 'reportpost' action in 'misc.php' does not limit the logging data that is sent to the administrator, which may allow a remote attacker to cause an unlimited number of emails to be sent to the administrator.
Solution Description
Upgrade to version 5.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
PhotoPost Pro contains a flaw that may allow a remote denial of service. The 'reportpost' action in 'misc.php' does not limit the logging data that is sent to the administrator, which may allow a remote attacker to cause an unlimited number of emails to be sent to the administrator.
{"type": "osvdb", "published": "2005-03-11T05:40:19", "href": "https://vulners.com/osvdb/OSVDB:14680", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 6, "edition": 1, "reporter": "Igor Franchuk(sprog@online.ru)", "title": "PhotoPost Pro misc.php Administrator Email Flood DoS", "affectedSoftware": [{"operator": "eq", "version": "5.0 RC3", "name": "PhotoPost PHP Pro"}], "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-04-28T13:20:10", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0775"]}, {"type": "nessus", "idList": ["PHOTOPOST_MULTIPLE_VULNS.NASL"]}], "modified": "2017-04-28T13:20:10", "rev": 2}, "vulnersScore": 6.0}, "references": [], "id": "OSVDB:14680", "lastseen": "2017-04-28T13:20:10", "cvelist": ["CVE-2005-0775"], "modified": "2005-03-11T05:40:19", "description": "## Vulnerability Description\nPhotoPost Pro contains a flaw that may allow a remote denial of service. The problem is that the 'reportpost' action in 'misc.php' does not limit the logging data that is sent to the administrator, which may allow a remote attacker to send an unlimited amount of mails to the administrator.\n## Solution Description\nUpgrade to version 5.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPhotoPost Pro contains a flaw that may allow a remote denial of service. 
The problem is that the 'reportpost' action in 'misc.php' does not limit the logging data that is sent to the administrator, which may allow a remote attacker to send an unlimited amount of mails to the administrator.\n## Manual Testing Notes\nhttp://[victim]/photopost/misc.php?action=reportpost&report=1&final=1\n## References:\nVendor URL: http://www.photopost.com/\n[Secunia Advisory ID:14576](https://secuniaresearch.flexerasoftware.com/advisories/14576/)\n[Related OSVDB ID: 14679](https://vulners.com/osvdb/OSVDB:14679)\n[Related OSVDB ID: 14681](https://vulners.com/osvdb/OSVDB:14681)\n[Related OSVDB ID: 14682](https://vulners.com/osvdb/OSVDB:14682)\n[Related OSVDB ID: 14683](https://vulners.com/osvdb/OSVDB:14683)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0200.html\nISS X-Force ID: 19676\n[CVE-2005-0775](https://vulners.com/cve/CVE-2005-0775)\nBugtraq ID: 12779\n"}
{"cve": [{"lastseen": "2021-02-02T05:24:35", "description": "The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator.", "edition": 4, "cvss3": {}, "published": "2005-05-02T04:00:00", "title": "CVE-2005-0775", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0775"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:photopost:photopost_php_pro:5.0_rc3"], "id": "CVE-2005-0775", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0775", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:photopost:photopost_php_pro:5.0_rc3:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-20T13:25:43", "description": "According to its banner, the version of PhotoPost PHP installed on the\nremote host has several vulnerabilities:\n\n - An Access Validation Vulnerability.\n The 'adm-photo.php' script fails to verify authentication\n credentials, which allows an attacker to change the \n properties of thumbnails of uploaded images.\n\n - A SQL Injection Vulnerability.\n The 'uid' parameter in the 'member.php' script is not \n properly sanitized before use in SQL queries. 
An\n attacker can leverage this flaw to disclose or modify\n sensitive information or perhaps even launch attacks\n against the underlying database implementation.\n\n - A Cross-site Scripting (XSS) Vulnerability.\n The 'editbio' parameter of the user profile form is not sanitized\n properly, allowing an attacker to inject arbitrary script or\n HTML in a user's browser in the context of the affected website, \n resulting in theft of authentication data or other such attacks.", "edition": 27, "published": "2005-03-11T00:00:00", "title": "PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0776", "CVE-2005-1629", "CVE-2005-0775", "CVE-2005-0778", "CVE-2005-0774", "CVE-2005-0777"], "modified": "2005-03-11T00:00:00", "cpe": ["cpe:/a:photopost:photopost_php_pro", "cpe:/a:photopost:photopost_php"], "id": "PHOTOPOST_MULTIPLE_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/17314", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17314);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-0774\", \"CVE-2005-0775\", \"CVE-2005-0776\", \"CVE-2005-0777\", \"CVE-2005-0778\", \"CVE-2005-1629\");\n script_bugtraq_id(12779, 13620);\n\n script_name(english:\"PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities\");\n script_summary(english:\"Checks for multiple remote vulnerabilities in PhotoPost PHP 5.0 RC3 and older\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nseveral vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PhotoPost PHP installed on the\nremote host has several vulnerabilities:\n\n - An Access Validation 
Vulnerability.\n The 'adm-photo.php' script fails to verify authentication\n credentials, which allows an attacker to change the \n properties of thumbnails of uploaded images.\n\n - A SQL Injection Vulnerability.\n The 'uid' parameter in the 'member.php' script is not \n properly sanitized before use in SQL queries. An\n attacker can leverage this flaw to disclose or modify\n sensitive information or perhaps even launch attacks\n against the underlying database implementation.\n\n - A Cross-site Scripting (XSS) Vulnerability.\n The 'editbio' parameter of the user profile form is not sanitized\n properly, allowing an attacker to inject arbitrary script or\n HTML in a user's browser in the context of the affected website, \n resulting in theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Mar/213\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2005/May/311\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PhotoPost PHP version 5.01 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/11\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:photopost:photopost_php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:photopost:photopost_php_pro\");\n script_end_attributes();\n \n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"photopost_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/photopost\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/photopost\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n\n if (ver =~ \"^[0-4].*|5\\.0[^0-9]?|5\\.0rc[123]$\")\n {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}