Search | Research | Contact Us Tuesday January 17, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 When Small Mistakes Can Cause Big Problems
  7 Multiple Vulnerabilities In phpWebsite
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Multiple Vulnerabilities In PhotoPost Pro
January 3, 2022
Vendor : All Enthusiast, Inc.
URL : http://www.photopost.com/
Version : All Versions
Risk : Multiple Vulnerabilities


Description:
PhotoPost was designed to help you give your users exactly what they want. Your users will be thrilled to finally be able to upload and display their photos for your entire community to view and discuss, all with no more effort than it takes to post a text message to a forum. If you already have a forum (vBulletin, UBB Threads, phpBB, DCForum, or InvisionBoard), you'll appreciate that PhotoPost was designed to seamlessly integrate into your site without the need for your users to register twice and maintain two logins. PhotoPost Pro is vulnerable to some serious SQL Injection issues as well as cross site scripting. An update is available and all users should upgrade now.


Cross Site Scripting:
PhotoPost is prone to cross site scripting in several different scripts throughout the application. Below are examples:

http://path/showgallery.php?cat=[INT]&page;=[XSS]
http://path/showgallery.php?si=[XSS]
http://path/showgallery.php?cat=[INT][XSS]
http://path/showgallery.php?ppuser=[INT]&cat;=[INT][XSS]

This can be used to render hostile code in the context of the victims browser, or to steal cookie based credentials or other sensitive info.


SQL Injection Vulnerability:
There are several SQL Injection vulnerabilities in this application. Some are easy to exploit, others are not so easy.

http://path/showgallery.php?cat=[INT][SQL]
http://path/showgallery.php?ppuser=[INT][SQL]&cat;=[INT]

These SQL issues can possibly be exploited to influence SQL queries and disclose arbitrary data. These will alse cause XSS if unsuccessful.


Solution:
PhotoPost 4.86 has been released to address these issues. Users should upgrade their installation as soon as possible.


Credits:
James Bercegay of the GulfTech Security Research Team