PhotoPost PHP Pro showphoto.php photo Parameter SQL Injection

2005-03-28T10:33:08
ID OSVDB:15100
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com), G00db0y(g00db0y@zone-h.org)
Modified 2005-03-28T10:33:08

Description

Vulnerability Description

PhotoPost PHP Pro contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'photo' variable in the showphoto.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

PhotoPost PHP Pro contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'photo' variable in the showphoto.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/photos/showphoto.php?photo='SQL_ERROR

References:

Vendor URL: http://www.photopost.com/ Security Tracker: 1013581 Secunia Advisory ID:14742 Secunia Advisory ID:10766 Related OSVDB ID: 15096 Related OSVDB ID: 15099 Related OSVDB ID: 15098 Related OSVDB ID: 15097 Other Advisory URL: http://www.zone-h.org/en/advisories/read/id=3844/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0471.html ISS X-Force ID: 15008 CVE-2004-0239 Bugtraq ID: 9557