Vendor: Online Photo Pro
By: L0rd CrusAd3r aka VSN
CVSS: 7.5 (HIGH)
Vulnerability Types: SQL Injection, XSS, HTML Injection
CWE: 89, 79, 80
Product Name: Online Photo Pro
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Esoftpro Online Photo Pro Multiple Vulnerability
Online Photo Pro (formerly known as EPhoto PRO) is the state-of-the-art online photo catalog that allows you to create a professional online catalog in no time. It can be used as a Photo Gallery, Product Catalog, CD Collection, Image Database or anything you can imagine. Online Photo Pro features Auto Category & Photo Listing, Sorting, Independent Message Board for each photo, Comprehensive Stats, Rating, Full Admin Interface and much more. SQL Injection, XSS and HTML Injection vulnerabilities have been identified in the application.
Mitigation:
Input validation should be performed on all user-supplied data to prevent malicious code injection.