Bugtraq mailing list archives
Advisory !
From: "Mr Serbia" <serbian_sniper () hotmail com>
Date: Sat, 31 Jan 2004 12:42:11 +1100
-------------------------------------------------
thePHOTOtool SQL Injection Vulnerability
By KingSerb
-------------------------------------------------
Please forgive my spelling or any mistakes I have made. It's my first discovery of a vulnerability, so please understand, and use this file for educational purposes only.
I hold no responsibility for what you do with the information.
-------------------------------------------------
ABOUT:
This software is a photo album manager, but it also has a link to go to the administration section, and from there you may edit news, homepage, etc.
-------------------------------------------------
FINDING VICTIMS:
a simple yahoo search for /gallery/login.asp
-------------------------------------------------
DESCRIPTION:
The login screen is vulnerable to SQL injection attacks, which means that you don't need the original password; instead you put SQL code in the password field, and in the username field the default user name, "admin".
In the login script, the onLoad="document.forms.loginForm.login.focus()"> is thought to be the problem.
-------------------------------------------------
PROOF OF CONCEPT:
username: admin
password: hi' or 'a'='a
-------------------------------------------------
VENDOR CONTACT:
www.steelid.com
vendor has been contacted.
-------------------------------------------------
CONTACT ME:
email: KingSerb [AT] Linuxmail [DOT] org
Msn: serbian_sniper [AT] Hotmail [DOT] com
*email has been put in this form because of spammers and email harvesters*
-------------------------------------------------
Vulnerability found on 30/01/04.
Current thread:
- Advisory ! Mr Serbia (Feb 02)
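
Added example, not part of the original post and not thePHOTOtool's code: a Python/sqlite3 model of why the password string in the proof of concept is accepted when form values are concatenated into the query, next to the parameterized form that rejects it. The table layout, column names, stored password and function names are assumptions, since the advisory does not show the application's login.asp source.

```python
import sqlite3

POC_PASSWORD = "hi' or 'a'='a"   # password string quoted in the advisory


def make_db():
    # Constructed schema and row; the real table layout is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def build_concatenated_sql(login, password):
    # Assumed vulnerable pattern: form values pasted straight into the SQL text.
    return ("SELECT login FROM users WHERE login = '" + login +
            "' AND password = '" + password + "'")


def login_concatenated(db, login, password):
    # The quote inside the password closes the string literal early, so the
    # rest of the input is parsed as SQL. AND binds tighter than OR, which
    # leaves "... OR 'a'='a'" true for every row in the table.
    return db.execute(build_concatenated_sql(login, password)).fetchone() is not None


def login_parameterized(db, login, password):
    # Placeholders keep the values out of the SQL grammar: a quote in the
    # password is compared as a literal character and never parsed as syntax.
    # The plaintext comparison only mirrors the assumed original; a real
    # fix would also store a salted password hash instead of the password.
    row = db.execute(
        "SELECT login FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_sql("admin", POC_PASSWORD))
    print("concatenated query accepts it:", login_concatenated(db, "admin", POC_PASSWORD))
    print("parameterized query accepts it:", login_parameterized(db, "admin", POC_PASSWORD))
```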