phototool.txt

`-------------------------------------------------  
  
thePHOTOtool SQL Injection Vulnerability By KingSerb  
  
-------------------------------------------------  
  
Please Forgive my spelling or any mistakes i have made, Its my first   
discovery of a  
vulnerablity so please understand, and use this file for educational   
purposes only  
i hold no responsibility for what you do whith the information.  
  
-------------------------------------------------  
  
ABOUT:  
  
This software is a photo album manager but also it has a link to go to the  
administration section, and from there you may edit news, homepage and ect.  
  
-------------------------------------------------  
  
FINDING VICTIMS:  
  
a simple yahoo search for /gallery/login.asp  
  
-------------------------------------------------  
  
DESCRIPTION:  
  
and then the login screen is vulnerable to sql injection attacks, which   
means  
that you dont need the original password but instead you put a sql code in   
the password field,  
and in the username the default user name being "admin".  
in the login script the onLoad="document.forms.loginForm.login.focus()"> is   
thought to be the problem.  
  
-------------------------------------------------  
  
PROOF OF CONCEPT:  
  
username: admin  
password: hi' or 'a'='a  
  
-------------------------------------------------  
VENDOR CONTACT:  
  
www.steelid.com  
vendor has been contacted.  
  
-------------------------------------------------  
CONTACT ME:  
  
email: KingSerb [AT] Linuxmail [DOT] org  
Msn: serbian_sniper [AT] Hotmail [DOT] com  
  
*email has been put in this form because of spammers and email harvesters*  
-------------------------------------------------  
  
Vulnerability found on 30/01/04.  
  
_________________________________________________________________  
Hot chart ringtones and polyphonics. Go to   
http://ninemsn.com.au/mobilemania/default.asp  
`