photo-gallery.php Missing Input Validation Lets Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1016505 |
|
SecurityTracker URL: http://securitytracker.com/id/1016505
|
|
CVE Reference:
CVE-2006-3688
(Links to External Site)
|
Updated: Jun 14 2008
|
Original Entry Date: Jul 17 2006
|
Impact:
Disclosure of system information, Disclosure of user information, User access via network
|
Exploit Included: Yes
|
Version(s): file dated December 4, 2003
|
Description:
A vulnerability was reported in photo-gallery.php. A remote user can inject SQL commands.
The 'room.php' script does not properly validate user-supplied input in the 'id' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
A demonstration exploit URL is proivded:
Room.php?id=[SQL Injection]
CrAzY CrAcKeR, Breeeeh, BoNy-m, and LiNuX_rOOt discovered this vulnerability.
[Editor's note: The product does not contain a version number, but the affected file 'room.php' is dated December 4, 2003.]
|
Impact:
A remote user can execute SQL commands on the underlying database.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: scripts.franciscocharrua.com/photo-gallery.php (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 11 Jul 2006 09:50:20 +0000
Subject: MyGallery
|
===========================================
Discovered By: C.B.B.L
CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuX_rOOt
===========================================
Example:-
/MyGallery/Room.php?id=[SQL Injection]
===========================================
|
|
