PhotoPost addfav.php photo Variable SQL Injection

2004-03-28T05:57:02
ID OSVDB:4771
Type osvdb
Reporter James Bercegay()
Modified 2004-03-28T05:57:02

Description

Manual Testing Notes

http://[victim]/addfav.php?photo=[SQL]

References:

Vendor URL: http://www.photopost.com/ Secunia Advisory ID:11241 Related OSVDB ID: 10261 Related OSVDB ID: 10266 Related OSVDB ID: 10263 Related OSVDB ID: 10267 Related OSVDB ID: 10262 Related OSVDB ID: 10264 Related OSVDB ID: 10265 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00036-03282004 Bugtraq ID: 9994