
TA-150104.txt

16 Jan 2004 | Reported by posidron | Type: packetstorm | Source: packetstormsecurity.com

SQL injection in Xtreme ASP Photo Gallery 2.0 allows admin access. No current solution available.

Code
`  
  
Tripbit Security Research
tripbit.org

Security Advisory


Advisory ID: TA-150104
Release Date: January 15th, 2004
Application: Xtreme ASP Photo Gallery 2.0
Severity: Medium/High
Impact: Admin access
Class: Input Validation Error
Vendor: http://www.pensacolawebdesigns.com/
  
  
  
Overview   
--------------------------------------------------------------------------------------   
  
XTREME ASP Photo Gallery is a photo gallery that
allows easy photo management and complete
administration via a web based interface. This
interface offers many more features than conventional
web based photo galleries do. With XTREME ASP Photo
Gallery, you can configure everything including
colors, text styles, number of images displayed per
page and much more.
  
  
  
Details   
--------------------------------------------------------------------------------------   
  
Xtreme ASP Photo Gallery Version 2.0 is prone to a
common SQL injection vulnerability. The problem
occurs in the handling of user-supplied username and
password data passed to the authentication procedures.
  
http://[host]/photoalbum/admin/adminlogin.asp   
  
If we type:   
  
Username: 'or'   
Password: 'or'   
  
we gain admin access to the password-protected
administrative pages.
  
  
  
Recommendation   
--------------------------------------------------------------------------------------   
  
No solution for the moment.   
  
  
  
Vendor Response   
--------------------------------------------------------------------------------------   
  
The vendor has reportedly been notified of this
report.
  
  
  
Disclaimer   
--------------------------------------------------------------------------------------   
  
The information within this paper may change without   
notice. Use of this information   
constitutes acceptance for use in an AS IS condition.   
There are NO warranties with   
regard to this information. In no event shall the   
author be liable for any damages   
whatsoever arising out of or in connection with the   
use or spread of this information.   
Any use of this information is at the user's own   
risk.   
  
  
  
Additional information   
--------------------------------------------------------------------------------------   
  
This vulnerability was found and researched
by:
  
posidron [email protected]   
rushjo [email protected]   
  
You can find the latest version of this advisory at:
  
http://www.tripbit.org/advisories/TA-150104.txt   
  
`
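
Added example, not part of the advisory and not the vendor's code: the advisory lists no fix, so this shows the usual remediation for an input-validation flaw in a Classic ASP login, binding the username and password as ADO parameters instead of concatenating them into the statement. The table `admins`, its columns, the `GalleryConnString` setting and the `default.asp` landing page are assumptions; the product's real query is not shown in the advisory.

```vbscript
' Added example: assumed shape of a Classic ASP admin login, not the product's code.
' Table "admins", columns "username"/"password" and the setting name are assumptions.
Option Explicit

Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

' Vulnerable pattern (assumed): form values concatenated into the statement, so a
' quote character in either field ends the string literal and the rest is parsed as SQL.
'   sql = "SELECT username FROM admins WHERE username = '" & Request.Form("username") & _
'         "' AND password = '" & Request.Form("password") & "'"
'   Set rs = conn.Execute(sql)

' Hardened form: the statement text is fixed and both values are bound as parameters,
' so quotes in the input stay data. The plaintext comparison mirrors the assumed
' original; a deployment should compare against a salted password hash instead.
Function CheckAdminLogin(conn, userName, password)
    Dim cmd, rs
    CheckAdminLogin = False

    ' Reject empty or oversized input before it reaches the database.
    If Len(userName) = 0 Or Len(userName) > 50 Then Exit Function
    If Len(password) = 0 Or Len(password) > 128 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT username FROM admins WHERE username = ? AND password = ?"
    cmd.Parameters.Append cmd.CreateParameter("@u", adVarChar, adParamInput, 50, userName)
    cmd.Parameters.Append cmd.CreateParameter("@p", adVarChar, adParamInput, 128, password)

    Set rs = cmd.Execute()
    CheckAdminLogin = Not rs.EOF   ' a row exists only for an exact credential match
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("GalleryConnString")   ' hypothetical setting name
If CheckAdminLogin(conn, CStr(Request.Form("username")), CStr(Request.Form("password"))) Then
    Session("IsAdmin") = True
    Response.Redirect "default.asp"          ' hypothetical landing page
Else
    Response.Write "Login failed."
End If
conn.Close
```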
