Xtreme ASP Photo Gallery adminlogin.asp Multiple Parameter SQL Injection

2004-01-15T00:00:00
ID OSVDB:3585
Type osvdb
Reporter posidron (posidron@tripbit.org)
Modified 2004-01-15T00:00:00

Description

Vulnerability Description

Xtreme ASP Photo Gallery contains a flaw that allows a remote attacker to inject arbitrary SQL code. Multiple parameters in the 'adminlogin.asp' script are not properly validated, which allows a remote attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Pensacola Web Designs has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1008745
Secunia Advisory ID: 10659
Other Advisory URL: http://www.tripbit.org/advisories/TA-150104.txt
Nessus Plugin ID: 12020
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0128.html
ISS X-Force ID: 14860
Bugtraq ID: 9438