ZH2004-03SA.txt

`  
  
ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability  
  
Published: 02 february 2004  
  
Released: 02 february 2004  
  
Name: Photopost PHP Pro  
  
Affected Systems: 4.6 and prior versions  
  
Issue: Sql Injection Vulnerability  
  
Author: G00db0y from Zone-h Security Labs - [email protected]  
  
Vendor: http://www.photopost.com  
  
  
  
  
Description  
  
***********  
  
Zone-h Security Team has discovered a flaw in PhotoPost PHP Pro. There is a vulnerability in the current version (and also in prior versions) of PhotoPost PHP Pro that allows an attacker to disclose sensitive information that could be used to gain unauthorized access.  
"PhotoPost PHP Pro lets your users upload and discuss photos in galleries that you create as well as public and private albums that they create, and it integrates seamlessly into your current site design. PhotoPost PHP Pro can   
even use your existing forum login system (if you have one) to keep your users from having to register twice, and our complete forum integration option lets you display your PhotoPost albums and photos inside your vBulletin or UBB Threads forum"   
  
  
  
  
Details  
  
*******   
  
  
The problems exist due to insufficient sanitization of user-supplied data. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.  
  
For example try this:  
  
http://address/directory/showphoto.php?photo=[query]  
  
  
  
  
Solution:  
  
*********  
  
The vendor has been contacted and a patch was produced:  
  
  
http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113  
  
  
  
G00db0y from Zone-h Security Labs - [email protected]  
  
  
  
http://www.zone-h.org/en/advisories/read/id=3844/  
`