[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040115225805.21664.qmail@www.securityfocus.com>
Date: 15 Jan 2004 22:58:05 -0000
From: <posidron@...pbit.org>
To: bugtraq@...urityfocus.com
Subject: Xtreme ASP Photo Gallery
Tripbit Security
Research
tripbit.org
Security Advisory
Advisory ID: TA-150104
Release Date: January
15th, 2004
Application: Xtreme ASP
Photo Gallery 2.0
Severity: Medium/High
Impact: Admin access
Class: Input
Validation Error
Vendor: http://
www.pensacolawebdesigns.com/
Overview
--------------------------------------------------------------------------------------
XTREME ASP Photo Gallery is a photo gallery that
allows easy photo management and complete
administration via a web based interface. This
interface offers many more features than conventional
web based photo gallery's do. With XTREME ASP Photo
Gallery, you can configure everything including
colors, text styles, amount of imaged displayed per
page and much more.
Details
--------------------------------------------------------------------------------------
Xtreme ASP Photo Gallery Version 2.0 is prone to a
common SQL injection vulnerability. The problem
occurs when handling user-supplied username and
password data supplied to authentication procedures.
http://[host]/photoalbum/admin/adminlogin.asp
If we type:
Username: 'or'
Password: 'or'
we gain admin access about the password protected
administrative pages.
Recommendation
--------------------------------------------------------------------------------------
No solution for the moment.
Vendor Response
--------------------------------------------------------------------------------------
The vendor has reportedly been notified to this
report.
Disclaimer
--------------------------------------------------------------------------------------
The information within this paper may change without
notice. Use of this information
constitutes acceptance for use in an AS IS condition.
There are NO warranties with
regard to this information. In no event shall the
author be liable for any damages
whatsoever arising out of or in connection with the
use or spread of this information.
Any use of this information is at the user's own
risk.
Additional information
--------------------------------------------------------------------------------------
These vulnerability have been found and researched
by:
posidron posidron@...pbit.org
rushjo rushjo@...pbit.org
You can find the last version of this warning in:
http://www.tripbit.org/advisories/TA-150104.txt
Powered by blists - more mailing lists