RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software.

From: GulfTech Security Research (security_at_gulftech.org)
Date: 03/29/05

    To: <bugtraq@securityfocus.com>
    Date: Mon, 28 Mar 2005 16:03:24 -0600
    
    

    The SQL Injection issue in showmembers.php (showmembers.php?si=[SQL]) was
    reported to one of the lead developers Michael Pierce on March 11th 2005 by
    James Bercegay of GulfTech Research And Development and has since been fixed
    after being confirmed a legitimate security risk. Users with the older
    vulnerable versions are urged to upgrade asap. More information can be found
    on the official PhotoPost forums.

    James

    -----Original Message-----
    From: dcrab@hackerscenter.com [mailto:dcrab@hackerscenter.com]
    Sent: Monday, March 28, 2005 1:21 PM
    To: bugtraq@securityfocus.com
    Subject: Multiple Sql injection, and multiple XSS vulnerabilities in
    Photopost PHP Pro Photo Gallery Software.

    Dcrab 's Security Advisory
    http://icis.digitalparadox.org/~dcrab
    http://www.hackerscenter.com/

    Severity: High
    Title: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost
    PHP Pro Photo Gallery Software.
    Date: March 29, 2005
