Computer Security
[EN] securityvulns.ru

From: o.y.6_(at)_hotmail.com <o.y.6_(at)_hotmail.com>
Date: 03.05.2006
Subject: Invision Gallery 2.0.6 ( SQL Injection )

[left]
Invision Gallery  2.0.6 ( SQL Injection )

       File   :- modules/gallery/post.php
       Line   :- 943
       Bug By :- Devil-00

       * Welcome Back ( Security4arab ) *

           Arabian Security WebSites

               www.s4a.cc
               www.securitygurus.net

[php]
// Vulnerable line: the request parameter 'album' is interpolated straight into the WHERE clause.
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id={$this->ipsclass->input['album']}" ) );
[/php]

   $this->ipsclass->input['album'] = Unfiltered Input

   Exploit :-

       Post New Image Then Edit POST Request By HTTPLiveHeader

               album=[SQL]

Fix :-

[php]
// intval() forces the album id to an integer before it reaches the query.
$this->ipsclass->DB->simple_construct( array( 'select' => 'COUNT(*) AS total', 'from' => 'gallery_images', 'where' => "album_id=" . intval( $this->ipsclass->input['album'] ) ) );
[/php]
[/left]
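The following is an added illustration, not code from the advisory or from Invision Gallery: it rebuilds the two WHERE-clause constructions side by side on a constructed request value, using a plain array in place of `$this->ipsclass->input`, and adds a hypothetical `album_id_is_clean()` check a maintainer could log on.

```php
<?php
// Constructed stand-in for $this->ipsclass->input (hypothetical test value,
// the kind of non-numeric string a tester would submit in the 'album' field).
$input = ['album' => "12 OR 1=1"];

// Vulnerable form from post.php: raw request data interpolated into SQL.
function where_unfiltered(array $input): string {
    return "album_id={$input['album']}";
}

// Fixed form per the advisory: intval() reduces the submitted value to a single
// integer, so the clause can only ever compare album_id against a number.
function where_fixed(array $input): string {
    return "album_id=" . intval($input['album']);
}

// Defensive check (assumed helper, not part of the product): an album id should
// be a plain decimal string; anything else is worth logging even though intval()
// already neutralises it in the query.
function album_id_is_clean(array $input): bool {
    return isset($input['album']) && ctype_digit((string) $input['album']);
}

echo where_unfiltered($input), PHP_EOL;   // album_id=12 OR 1=1  (clause now attacker-controlled)
echo where_fixed($input), PHP_EOL;        // album_id=12
if (!album_id_is_clean($input)) {
    error_log("gallery: non-numeric album id received: " . var_export($input['album'], true));
}
```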

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
