ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability

Published: 02 february 2004

Released: 02 february 2004

Name: Photopost PHP Pro

Affected Systems: 4.6 and prior versions

Issue: Sql Injection Vulnerability

Author: G00db0y from Zone-h Security Labs - zetalabs@zone-h.org

Vendor: http://www.photopost.com




Description

***********

Zone-h Security Team has discovered a flaw in PhotoPost PHP Pro. There is a vulnerability in the current version (and also in prior versions) of PhotoPost PHP Pro that allows an attacker to disclose sensitive information that could be used to gain unauthorized access.
"PhotoPost PHP Pro lets your users upload and discuss photos in galleries that you create as well as public and private albums that they create, and it integrates seamlessly into your current site design. PhotoPost PHP Pro can 
even use your existing forum login system (if you have one) to keep your users from having to register twice, and our complete forum integration option lets you display your PhotoPost albums and photos inside your vBulletin or UBB Threads forum" 




Details

******* 


The problems exist due to insufficient sanitization of user-supplied data. A remote attacker may exploit these issues to influence SQL query logic to disclose sensitive information that could be used to gain unauthorized access.

For example try this:

http://address/directory/showphoto.php?photo=[query]




Solution:

*********

The vendor has been contacted and a patch was produced:


http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113



G00db0y from Zone-h Security Labs - zetalabs@zone-h.org



http://www.zone-h.org/en/advisories/read/id=3844/