Vendor: TCW PHP Album
By: L0rd CrusAd3r
CVSS: 8.5 (HIGH)
Vulnerability type: SQL injection
CWE: 89
Product Name: TCW PHP Album
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: a:tcw_php_album:tcw_php_album
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

TCW PHP Album Multiple Vulnerability

TCW PHP Album is prone to an SQL injection vulnerability because it fails to sanitize user-supplied data before using it in an SQL query. The advisory reproduced below names the album parameter of photos/index.php as the injection point and reports that the same parameter is also exposed to cross-site scripting, URL redirection and HTML injection. An attacker can exploit the SQL injection to manipulate queries by injecting arbitrary SQL code, which may compromise the application, disclose or modify data, or reach latent vulnerabilities in the underlying database.

Mitigation:

Validate the album parameter against the form the application actually expects (an album identifier, not free text) and reject anything else; pass the value to the database as a bound parameter of a prepared statement rather than concatenating it into the query string; and HTML-encode it before it is reflected into the page. Input validation on its own does not close the cross-site scripting, HTML injection and redirection reports against the same parameter, so output encoding and a fixed list of permitted redirect targets are needed as well.
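The pattern behind the four reports, and the fix, as an added example that is not code from TCW PHP Album. It models a page that reads ?album= from the query string, first written the way the advisory describes (the raw value placed inside both the SQL and the HTML) and then hardened with validation, a bound parameter and output escaping. The albums table, its columns, the sample rows, the function names and the name policy (letters, digits, underscore, hyphen, at most 64 characters) are all assumptions made for the illustration; it needs the pdo_sqlite extension so it can run offline against an in-memory database.

```php
<?php
declare(strict_types=1);

// Added example, not TCW PHP Album's own code. The table, columns and rows
// below are constructed so the script runs offline against SQLite in memory.

function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE albums (id INTEGER PRIMARY KEY, name TEXT, title TEXT, hidden INTEGER)');
    $db->exec("INSERT INTO albums VALUES (1, 'holiday', 'Holiday 2010', 0)");
    $db->exec("INSERT INTO albums VALUES (2, 'private', 'Unlisted shots', 1)");
    return $db;
}

// Vulnerable pattern: the parameter is concatenated into the query, so the
// client can rewrite the WHERE clause, and the raw value is echoed unescaped
// into the page (the SQL injection, XSS and HTML injection reports at once).
function albumPageVulnerable(PDO $db, string $album): string
{
    $sql  = "SELECT title FROM albums WHERE name = '$album' AND hidden = 0";
    $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    $html = "<h1>Album: $album</h1>";
    foreach ($rows as $title) {
        $html .= "<p>$title</p>";
    }
    return $html;
}

// Hardened pattern: validate the name against the form an album name is
// allowed to take (assumed policy), bind it as a query parameter, and
// HTML-escape everything before it is rendered.
function albumPageHardened(PDO $db, string $album): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $album)) {
        http_response_code(400);
        return '<p>Invalid album name.</p>';
    }
    $stmt = $db->prepare('SELECT title FROM albums WHERE name = :name AND hidden = 0');
    $stmt->execute([':name' => $album]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);

    $esc  = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $html = '<h1>Album: ' . $esc($album) . '</h1>';
    foreach ($rows as $title) {
        $html .= '<p>' . $esc($title) . '</p>';
    }
    return $html;
}

$db = demoDb();

// Crafted album name: the quote closes the string literal, OR 1=1 makes the
// condition always true, and -- comments out the "AND hidden = 0" filter.
$payload = "x' OR 1=1 --";
echo albumPageVulnerable($db, $payload), PHP_EOL;        // lists the hidden album too
echo albumPageHardened($db, $payload), PHP_EOL;          // rejected before any query runs
echo albumPageHardened($db, '<b>holiday</b>'), PHP_EOL;  // markup rejected, never rendered
echo albumPageHardened($db, 'holiday'), PHP_EOL;         // normal use still works
```

The validation step is what also closes the HTML injection and XSS reports against the same parameter, because nothing outside the permitted character set ever reaches the query or the page. If the application uses the album value to build a redirect target, the same rule applies: compare it against the known album names and send the client to a location the server composes, never to a string taken from the request.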

Exploit-DB raw data:

1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: TCW PHP Album Multiple Vulnerability
Vendor URL: http://tcwphpalbum.sourceforge.net/
Version: 1
Published: 2010-07-04
Greetz to: r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team, Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

TCW PHP Album is a set of PHP scripts that (using MySQL and the GD Library)
allow you to easily make online multimedia albums. With an intuitive
administrative panel you can quickly add albums, photos, themes, and change
site settings. It also has commenting, where people can post comments on
images and numerically rate pictures, as well as other features such as IP
restriction/banning. Recently added, you can also make automatic slideshows.
TCW PHP Album requires the following:

    * PHP 4.1.2 or higher, --with-mysql
    * The GD Image Library OR ImageMagick's Convert
    * Minimum of PNG support for the above
    * A MySQL database - tested with 3.2x
    * TCW PHP Album is operating system independent. TCW PHP Album does not
support the GD Image library as it is lacking many features of convert, but
the option is available.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/photos/index.php?album=[sqli]

*XSS Vulnerability

DEMO URL:

http://server/photos/index.php?album=[xss]

*URL Redirection Vulnerability

DEMO URL:

http://server/photos/index.php?album=[urlredirection]

*HTML Injection

DEMO URL:

http://server/photos/index.php?album=[html]

# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r