RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software.
From: GulfTech Security Research (security_at_gulftech.org)
Date: 03/29/05
- Previous message: PersianHacker Team: "[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities"
- In reply to: dcrab_at_hackerscenter.com: "Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software."
- Next in thread: dcrab_at_hackerscenter.com: "Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bugtraq@securityfocus.com>
Date: Mon, 28 Mar 2005 16:03:24 -0600
The SQL Injection issue in showmembers.php (showmembers.php?si=[SQL]) was
reported to one of the lead developers, Michael Pierce, on March 11th, 2005 by
James Bercegay of GulfTech Research And Development and has since been fixed
after being confirmed a legitimate security risk. Users with the older
vulnerable versions are urged to upgrade ASAP. More information can be found
on the official PhotoPost forums.
James
-----Original Message-----
From: dcrab@hackerscenter.com [mailto:dcrab@hackerscenter.com]
Sent: Monday, March 28, 2005 1:21 PM
To: bugtraq@securityfocus.com
Subject: Multiple Sql injection, and multiple XSS vulnerabilities in
Photopost PHP Pro Photo Gallery Software.
Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/
Severity: High
Title: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost
PHP Pro Photo Gallery Software.
Date: March 29, 2005