All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
BID:9994
Info
All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 9994 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-1871 CVE-2004-1870 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Aug 03 2010 06:15PM |
| Credit: | Discovery is credited to JeiAr <[email protected]>. |
| Vulnerable: |
All Enthusiast Inc Photopost PHP Pro 4.8.1 All Enthusiast Inc Photopost PHP Pro 4.6 All Enthusiast Inc Photopost PHP Pro 4.1 All Enthusiast Inc Photopost PHP Pro 4.0 All Enthusiast Inc Photopost PHP Pro 3.3 All Enthusiast Inc Photopost PHP Pro 3.2 All Enthusiast Inc Photopost PHP Pro 3.1 All Enthusiast Inc PhotoPost PHP 4.6 All Enthusiast Inc PhotoPost PHP 4.4 All Enthusiast Inc PhotoPost PHP 4.0 |
| Not Vulnerable: | |
Discussion
All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks.
Photopost PHP Pro 4.6.0 and prior may be prone to these issues. Photopost PHP Pro 4.8.1 is reported vulnerable to these issues as well.
Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks.
Photopost PHP Pro 4.6.0 and prior may be prone to these issues. Photopost PHP Pro 4.8.1 is reported vulnerable to these issues as well.
Exploit / POC
All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
No exploit is required to carry out a successful attack.
The following proof of concept example to exploit the SQL injection issue in 'ppuser' parameter is available:
http://www.example.com/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,
0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500
No exploit is required to carry out a successful attack.
The following proof of concept example to exploit the SQL injection issue in 'ppuser' parameter is available:
http://www.example.com/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,
0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500
Solution / Fix
All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
Solution:
It is reported that PhotoPost PHP Pro 4.86 has been released to address these issues. Please contact the vendor for more information and to obtain the fixed version.
Solution:
It is reported that PhotoPost PHP Pro 4.86 has been released to address these issues. Please contact the vendor for more information and to obtain the fixed version.
References
All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities
References:
References:
- PhotoPost PHP Homepage (All Enthusiast Inc)
- PhotoPost PHP Pro Multiple Vulnerabilities (JeiAr
)