Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photo

from [dcrab] Network Security [Permanent Link]
Subject: Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software.
Date: 30 Mar 2005 20:00:07 -0000 
In-Reply-To: <1112047432_32079@S1.cableone.net>

I ran audit's on da latest version available for download on the Photopost 
website, and was unaware of your release so i apologise for the confusion.
                               Dcrab


Received: (qmail 32267 invoked from network); 29 Mar 2005 22:12:43 -0000
Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) 
(205.206.231.26)
 by mail.securityfocus.com with SMTP; 29 Mar 2005 22:12:43 -0000
Received: from lists2.securityfocus.com (lists2.securityfocus.com 
[205.206.231.20])
      by outgoing2.securityfocus.com (Postfix) with QMQP
      id D2B1F144E1B; Tue, 29 Mar 2005 11:33:25 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 30350 invoked from network); 28 Mar 2005 14:41:04 -0000
From: "GulfTech Security Research" <security@gulftech.org>
To: <bugtraq@securityfocus.com>
Subject: RE: Multiple Sql injection, and multiple XSS vulnerabilities in    
Photopost PHP Pro Photo Gallery Software.
Date: Mon, 28 Mar 2005 16:03:24 -0600
MIME-Version: 1.0
Content-Type: text/plain;
      charset="windows-1250"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: <20050328192116.16152.qmail@www.securityfocus.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Thread-Index: AcUz295H5cAHziumRKWigJxsdcguyAABNrIg
Message-ID: <1112047432_32079@S1.cableone.net>
X-IP-stats: Incoming Last 2, First 77, in=49, out=0, spam=0
X-External-IP: 24.117.152.22
X-Abuse-Info: Send abuse complaints to abuse@cableone.net

The SQL Injection issue in showmembers.php (showmembers.php?si=[SQL]) was
reported to one of the lead developers Michael Pierce on March 11th 2005 by
James Bercegay of GulfTech Research And Development and has since been fixed
after being confirmed a legitimate security risk. Users with the older
vulnerable versions are urged to upgrade asap. More information can be found
on the official PhotoPost forums.

James 



-----Original Message-----
From: dcrab@hackerscenter.com [mailto:dcrab@hackerscenter.com] 
Sent: Monday, March 28, 2005 1:21 PM
To: bugtraq@securityfocus.com
Subject: Multiple Sql injection, and multiple XSS vulnerabilities in
Photopost PHP Pro Photo Gallery Software.



Dcrab 's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity:  High
Title: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost
PHP Pro Photo Gallery Software.
Date: March  29,  2005

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.8.3 - Release Date: 3/25/2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: DoS of LAN via D-Link switches, Neil Watson
Next by Date:  Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Kurt Seifried
Previous by Thread:  RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., GulfTech Security Research
Next by Thread:  Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS), dcrab
Indexes:  [Date] [Thread] [Top] [All Lists]