Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability

2011-02-11T00:00:00
ID ZSL-2011-4992
Type zeroscience
Reporter Gjoko Krstic
Modified 2011-02-11T00:00:00

Description

Title: Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability
Advisory ID: ZSL-2011-4992
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (4/5)
Release Date: 11.02.2011

Summary

Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free!

Description

Pixelpost is vulnerable to an SQL Injection attack when input is passed to several POST parameters (findfid, id, selectfcat, selectfmon, selectftag). The script (admin/index.php) fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and view sensitive information.

Vendor

Pixelpost.org - <http://www.pixelpost.org>

Affected Version

1.7.3

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41

Vendor Status

N/A

PoC

pixelpost_sql.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://packetstormsecurity.org/files/98428>
[2] <http://www.exploit-db.com/exploits/16160>
[3] <http://securityreason.com/wlb_show/WLB-2011020049>
[4] <http://www.securityfocus.com/bid/46348>

Changelog

[11.02.2011] - Initial release
[12.02.2011] - Added reference [1], [2] and [3]
[14.02.2011] - Added reference [4]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        
                                            &lt;html&gt;&lt;head&gt;&lt;title&gt;403 Nothing to see.&lt;/title&gt;
&lt;link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon"&gt;
&lt;style type="text/css"&gt;
&lt;!--
body {
	background-color: #000;
}
body,td,th {
	font-family: Verdana, Geneva, sans-serif;
}
a:link {
	color: #008FEF;
	text-decoration: none;
}
a:visited {
	color: #008FEF;
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
	color: #666;
}
a:active {
	text-decoration: none;
}
--&gt;
&lt;/style&gt;
&lt;/head&gt;
&lt;body bgcolor=black&gt;
&lt;center&gt;
&lt;font color="#7E88A3" size="2"&gt;
&lt;br /&gt;&lt;br /&gt;
&lt;h1&gt;403 Nothing to see.&lt;/h1&gt;

You do not have the powah for this request /403.shtml&lt;br /&gt;&lt;br /&gt;
&lt;font size="2"&gt;&lt;a href="https://www.zeroscience.mk"&gt;https://www.zeroscience.mk&lt;/a&gt;&lt;/font&gt;
&lt;/font&gt;&lt;/center&gt;
&lt;/body&gt;&lt;/html&gt;