lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20060331020518.7036.qmail@securityfocus.com>
Date: 31 Mar 2006 02:05:18 -0000
From: undefined1@...il.com
To: bugtraq@...urityfocus.com
Subject: MonAlbum 0.8.7 SQL Injection


advisory by undefined1_ @ bash-x.net/undef/

Mon Album 0.8.7
http://www.3dsrc.com/monalbum/

There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php (line 99)
if (isset($_GET["pc"])) $pc = $_GET["pc"];

... (no sanity checks)

if (isset($pc) && $grech_inactive) $result = execute_requete("select id_rub, nom, commentaire from monalbum_rubrique where ( nom like \"%$pc%\" or commentaire like \"%$pc%\" ) and (id_rub_mere <> 0 and id_rub <> 0) limit " . $deb . ", ". ($ghor*$gvert));



The second flaw is located in the comments system in image_agrandir.php (line 228)
$pnom = $_POST['pnom'];
$pcourriel = $_POST['pcourriel'];
$pcommentaire = $_POST['pcommentaire'];

... (no sanity checks)

execute_requete("insert into monalbum_commentaire (id_image, nom, courriel, commentaire, date_com) values ($id_image, \"$pnom\",\"$pcourriel\", \"".addslashes($pcommentaire)."\", \"".date("Y-m-d")."\" )");

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ