TA-150104.txt

16 Jan 2004 | Reported by posidron | Type: packetstorm | Source: packetstormsecurity.com

SQL injection in Xtreme ASP Photo Gallery 2.0 allows admin access. No current solution available.

Code
`  
  
Tripbit Security Research
tripbit.org

Security Advisory


Advisory ID: TA-150104
Release Date: January 15th, 2004
Application: Xtreme ASP Photo Gallery 2.0
Severity: Medium/High
Impact: Admin access
Class: Input Validation Error
Vendor: http://www.pensacolawebdesigns.com/
  
  
  
Overview   
--------------------------------------------------------------------------------------   
  
XTREME ASP Photo Gallery is a photo gallery that allows easy photo
management and complete administration via a web-based interface. This
interface offers many more features than conventional web-based photo
galleries do. With XTREME ASP Photo Gallery, you can configure
everything including colors, text styles, number of images displayed
per page and much more.
  
  
  
Details   
--------------------------------------------------------------------------------------   
  
Xtreme ASP Photo Gallery Version 2.0 is prone to a common SQL injection
vulnerability. The problem occurs when user-supplied username and
password data is passed to the authentication procedures.

http://[host]/photoalbum/admin/adminlogin.asp

If we type:

Username: 'or'
Password: 'or'

we gain admin access to the password-protected administrative pages.
  
  
  
Recommendation   
--------------------------------------------------------------------------------------   
  
No solution for the moment.   
  
  
  
Vendor Response   
--------------------------------------------------------------------------------------   
  
The vendor has reportedly been notified of this report.
  
  
  
Disclaimer   
--------------------------------------------------------------------------------------   
  
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of or
in connection with the use or spread of this information. Any use of
this information is at the user's own risk.
  
  
  
Additional information   
--------------------------------------------------------------------------------------   
  
This vulnerability was found and researched by:
  
posidron [email protected]   
rushjo [email protected]   
  
You can find the latest version of this advisory at:
  
http://www.tripbit.org/advisories/TA-150104.txt   
  
`
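
The advisory lists no fix. As an added example (not part of the advisory and not the vendor's code), the sketch below shows why the reported input leaves the quoted data context when a login query is built by string concatenation, and how a parameterized query keeps it as data. The `admins` table, the query shape and the use of SQLite as a stand-in database are assumptions; the advisory does not show the application's source.

```python
import sqlite3

# Assumed schema and query shape: the advisory does not show the application's code.
LOGIN_SQL = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"

def build_login_sql_concat(username, password):
    """Vulnerable pattern: user input pasted between quotes in the SQL text."""
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def sql_outside_literals(sql):
    """Replace each single-quoted literal with '?' so only SQL structure remains."""
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
            continue
        i += 1                                   # step past the opening quote
        while i < n:
            if sql[i] == "'" and sql[i + 1:i + 2] == "'":
                i += 2                           # '' is an escaped quote
            elif sql[i] == "'":
                break                            # closing quote
            else:
                i += 1
        i += 1                                   # step past the closing quote
        out.append("?")
    return "".join(out)

def concat_changes_structure(username, password):
    """True when the input alters the statement instead of staying inside the literals."""
    return sql_outside_literals(build_login_sql_concat(username, password)) != LOGIN_SQL

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Constructed sample row; plaintext only to keep the sketch short.
    conn.execute("INSERT INTO admins VALUES ('admin', 'constructed-sample-pw')")
    return conn

def login_parameterized(conn, username, password):
    """Hardened pattern: values are bound, never parsed as SQL."""
    return conn.execute(LOGIN_SQL, (username, password)).fetchone()[0] == 1

if __name__ == "__main__":
    conn = make_db()
    print(concat_changes_structure("'or'", "'or'"))
    print(login_parameterized(conn, "'or'", "'or'"))
```

How a database evaluates the altered statement depends on the engine; the bound-parameter form removes that dependency because the input never reaches the SQL parser.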
