Related information

CGI bugs

Multiple MetaDot Vulnerabilities [ All Versions ]

phpShop Vulnerabilities

XSS end execution commands in Destinyd 1.4

FishCart Integer Overflow / Rounding Error

From:	posidron_(at)_tripbit.org <posidron_(at)_tripbit.org>
Date:	17.01.2004
Subject:	Xtreme ASP Photo Gallery

                             Tripbit Security
Research
                                    tripbit.org

                                 Security Advisory


                           Advisory ID: TA-150104
                          Release Date: January
15th, 2004
                           Application: Xtreme ASP
Photo Gallery 2.0
                              Severity: Medium/High
                                Impact: Admin access
                                 Class: Input
Validation Error
                                Vendor: http://
www.pensacolawebdesigns.com/



Overview
---------------------------------------------------------------------------------
-----

XTREME ASP Photo Gallery is a photo gallery that
allows easy photo management and complete
administration via a web based interface. This
interface offers many more features than conventional
web based photo gallery's do. With XTREME ASP Photo
Gallery, you can configure everything including
colors, text styles, amount of imaged displayed per
page and much more.



Details
---------------------------------------------------------------------------------
-----

Xtreme ASP Photo Gallery Version 2.0 is prone to a
common SQL injection vulnerability. The problem
occurs when handling user-supplied username and
password data supplied to authentication procedures.

http://[host]/photoalbum/admin/adminlogin.asp

If we type:

Username: 'or'
Password: 'or'

we gain admin access about the password protected
administrative pages.



Recommendation
---------------------------------------------------------------------------------
-----

No solution for the moment.



Vendor Response
---------------------------------------------------------------------------------
-----

The vendor has reportedly been notified to this
report.



Disclaimer
---------------------------------------------------------------------------------
-----

The information within this paper may change without
notice. Use of this information
constitutes acceptance for use in an AS IS condition.
There are NO warranties with
regard to this information. In no event shall the
author be liable for any damages  
whatsoever arising out of or in connection with the
use or spread of this information.
Any use of this information is at the user's own
risk.



Additional information
---------------------------------------------------------------------------------
-----

These vulnerability have been found and researched
by:

posidron        posidron@tripbit.org
rushjo          rushjo@tripbit.org

You can find the last version of this warning in:

http://www.tripbit.org/advisories/TA-150104.txt