Tripbit Security Advisory TA-150104

Severity: Medium/High
Application: Xtreme ASP Photo Gallery 2.0
Platform: Windows
Class: Input Validation Error
Release Date: January 15th, 2004
Vendor: http://www.pensacolawebdesigns.com/

XTREME ASP Photo Gallery is a photo gallery that allows easy photo management and complete administration via a web-based interface. This interface offers many more features than conventional web-based photo galleries do. With XTREME ASP Photo Gallery, you can configure everything including colors, text styles, number of images displayed per page and much more.

Xtreme ASP Photo Gallery Version 2.0 is prone to a common SQL injection vulnerability. The problem occurs when the authentication procedures handle user-supplied username and password data.

Example:

http://host.com/photoalbum/admin/adminlogin.asp
Password: 'or'
Username: 'or'

In this case we gain access to the password-protected administrative pages.

No solution for the moment.

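An added example, not code from the advisory or from the vendor: Python with sqlite3 stands in for the gallery's ASP login code and database, which the advisory does not show. It shows the advisory's input becoming SQL operators when concatenated into the query text and staying plain data when bound as parameters. The table and column names, the query and the stored credentials are assumptions.

```python
import sqlite3

def concatenated_sql(username, password):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest of the input is parsed as SQL.
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def words_outside_literals(sql):
    """SQL words that are not inside a single-quoted string literal."""
    words, current, in_string, i = [], "", False, 0
    while i < len(sql):
        ch = sql[i]
        if in_string:
            if ch == "'" and sql[i + 1:i + 2] == "'":
                i += 1                    # '' inside a literal is an escaped quote
            elif ch == "'":
                in_string = False
        elif ch == "'":
            in_string = True
        elif ch.isalnum() or ch == "_":
            current += ch
            i += 1
            continue
        if current:
            words.append(current)
            current = ""
        i += 1
    return words + ([current] if current else [])

def make_db():
    # Constructed stand-in for the admin table (plaintext only for brevity).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", "example-password"))
    return db

def login(db, username, password):
    # Hardened pattern: placeholders keep the input as data, never as SQL.
    row = db.execute(
        "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] == 1

if __name__ == "__main__":
    benign = words_outside_literals(concatenated_sql("admin", "wrong"))
    advisory = words_outside_literals(concatenated_sql("'or'", "'or'"))
    print("SQL words added by the input:", len(advisory) - len(benign))
    print("parameterized login accepts it:", login(make_db(), "'or'", "'or'"))
```
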
The vendor has been notified of this report.

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

This vulnerability has been found and researched by:
posidron posidron@tripbit.org
rushjo rushjo@tripbit.org

You can find the latest version of this warning under the following URL: http://www.tripbit.org/advisories/TA-150104.html