TA-150104.txt

TA-150104.txt: Posted Jan 16, 2004; Authored by posidron, rushjo | Site tripbit.org; Xtreme ASP Photo Gallery Version 2.0 is prone to a common SQL injection vulnerability. The problem occurs when handling user-supplied username and password data supplied to authentication procedures.; tags | exploit, sql injection, asp; SHA-256 | 18196c49e782ab6139923566eb59889974ae0a3c962a2c04583975e95eea74fa; Download | Favorite | View

TA-150104.txt



                              Tripbit Security 
Research 
                   tripbit.org 
 
                Security Advisory 
 
 
                            Advisory ID: TA-150104 
                           Release Date: January 
15th, 2004 
                            Application: Xtreme ASP 
Photo Gallery 2.0 
                               Severity: Medium/High 
                                 Impact: Admin access 
          Class: Input 
Validation Error 
                     Vendor: http://
www.pensacolawebdesigns.com/ 
 
 
 
Overview 
-------------------------------------------------------------------------------------- 
 
XTREME ASP Photo Gallery is a photo gallery that 
allows easy photo management and complete 
administration via a web based interface. This 
interface offers many more features than conventional 
web based photo gallery's do. With XTREME ASP Photo 
Gallery, you can configure everything including 
colors, text styles, amount of imaged displayed per 
page and much more. 
 
 
 
Details 
-------------------------------------------------------------------------------------- 
 
Xtreme ASP Photo Gallery Version 2.0 is prone to a 
common SQL injection vulnerability. The problem 
occurs when handling user-supplied username and 
password data supplied to authentication procedures. 
 
http://[host]/photoalbum/admin/adminlogin.asp 
 
If we type: 
 
Username: 'or' 
Password: 'or' 
 
we gain admin access about the password protected 
administrative pages. 
 
 
 
Recommendation 
-------------------------------------------------------------------------------------- 
 
No solution for the moment. 
 
 
 
Vendor Response 
-------------------------------------------------------------------------------------- 
 
The vendor has reportedly been notified to this 
report. 
 
 
 
Disclaimer 
-------------------------------------------------------------------------------------- 
 
The information within this paper may change without 
notice. Use of this information 
constitutes acceptance for use in an AS IS condition. 
There are NO warranties with 
regard to this information. In no event shall the 
author be liable for any damages  
whatsoever arising out of or in connection with the 
use or spread of this information. 
Any use of this information is at the user's own 
risk. 
 
 
 
Additional information 
-------------------------------------------------------------------------------------- 
 
These vulnerability have been found and researched 
by: 
 
posidron  posidron@tripbit.org 
rushjo    rushjo@tripbit.org 
 
You can find the last version of this warning in: 
 
http://www.tripbit.org/advisories/TA-150104.txt

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Debian 32 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files
malvuln 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

TA-150104.txt

TA-150104.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

TA-150104.txt

Share This

TA-150104.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems