Photopost PHP Pro 4.6 SQL Injection Vulnerability
Information:
Published: 02 February 2004
Released: 02 February 2004
Name: Photopost PHP Pro
Affected Systems: 4.6 and prior versions
Issue: SQL Injection Vulnerability
Author: G00db0y from Zone-h Security Labs - zetalabs@zone-h.org
Vendor: http://www.photopost.com/
Details:
The problems exist due to insufficient sanitization of user-supplied data. A
remote attacker may exploit these issues to influence SQL query logic to
disclose sensitive information that could be used to gain unauthorized access.
For example try this:
http://address/directory/showphoto.php?photo=[query]
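The root cause described above, shown as an added example (not Photopost's own code and not part of the original advisory): a handler that pastes the `photo` request value into the SQL text, next to a hardened form that validates it as a numeric id and binds it as a parameter. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Constructed in-memory data standing in for the gallery database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO photos (id, title) VALUES (1, 'sunset'), (2, 'harbour')");

// Pattern the advisory describes: the request value is pasted into the SQL text,
// so whatever the client sends becomes part of the query logic.
function find_photo_unsafe(PDO $db, string $photo): array
{
    return $db->query("SELECT id, title FROM photos WHERE id = $photo")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a short run of decimal digits, then bind it as an integer.
function find_photo_safe(PDO $db, string $photo): array
{
    if (!ctype_digit($photo) || strlen($photo) > 10) {
        throw new InvalidArgumentException('photo must be a numeric id');
    }
    $stmt = $db->prepare('SELECT id, title FROM photos WHERE id = :id');
    $stmt->bindValue(':id', (int) $photo, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, and a value that is not a bare number.
foreach (['2', '2 OR 1=1'] as $input) {
    $label = "'$input'";
    printf("input %-10s unsafe rows: %d\n", $label, count(find_photo_unsafe($db, $input)));
    try {
        printf("input %-10s safe rows:   %d\n", $label, count(find_photo_safe($db, $input)));
    } catch (InvalidArgumentException $e) {
        printf("input %-10s rejected:    %s\n", $label, $e->getMessage());
    }
}
```

With the second input the unsafe function returns every row in the table, while the hardened function rejects the value before any query is built.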
Solution:
Download patch:
http://www.photopost.com/members/forum/showthread.php?s=&threadid=98113