CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Xtreme ASP Photo Gallery 2.x

DESCRIPTION:
posidron and rushjo have reported a vulnerability in Xtreme ASP Photo
Gallery, allowing malicious people to conduct SQL injection attacks.

The "username" and "password" parameters passed to the
"adminlogin.asp" script are not properly verified before use, which
can be exploited to bypass the authentication mechanism via a classic
SQL injection attack.

The vulnerability has been reported in version 2.0.
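
Added example, not part of the advisory and not the product's code: a
Python/SQLite model of the flaw class described above, with a login
check that concatenates the username and password into the SQL text
beside one that binds them as parameters. The table layout, account
values and function names are assumptions; the advisory does not show
the contents of "adminlogin.asp".

```python
import sqlite3

def make_db():
    # Constructed schema and accounts; the real table layout is not
    # given in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.executemany("INSERT INTO admins VALUES (?, ?)",
                   [("admin", "constructed-pw-1"),
                    ("o'brien", "constructed-pw-2")])
    return db

def login_concatenated(db, username, password):
    # Flawed pattern: request values become part of the SQL text, so a
    # quote character in either value changes the structure of the query.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened pattern: the SQL text is constant and the values are bound
    # as data, so quote characters are compared literally.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

# Constructed input: the textbook always-true condition.
TAUTOLOGY = "' OR '1'='1"

def compare(username, password):
    # Run both checks on one input; a SQL error from the flawed check is
    # reported as "error" (itself a sign that input reaches the parser).
    db = make_db()
    try:
        flawed = login_concatenated(db, username, password)
    except sqlite3.Error:
        flawed = "error"
    return flawed, login_parameterized(db, username, password)

if __name__ == "__main__":
    for user, pw in [("admin", "constructed-pw-1"), ("admin", "wrong"),
                     (TAUTOLOGY, TAUTOLOGY), ("o'brien", "constructed-pw-2")]:
        print(repr(user), compare(user, pw))
```

In classic ASP the bound form corresponds to an ADODB.Command whose
values are appended with CreateParameter instead of being concatenated
into CommandText.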

SOLUTION:
Use another authentication mechanism to restrict access to the admin
pages.

PROVIDED AND/OR DISCOVERED BY:
posidron and rushjo, Tripbit.

----------------------------------------------------------------------