by r0t,der4444,cembo,VietMafia

Tuesday, December 13, 2005

EncapsGallery SQL inj. vuln.

EncapsGallery SQL inj. vuln.

Vuln. dicovered by : r0t
Date: 13 dec. 2005
vendor:http://powerdev.com.ru/products/encapsgallery/
affected version:1.0.0 and prior

Product Description:

Photogallery, supports different independent layouts/themes. Web-design based on html-templates. Supported http/ftp image upload ,pgsql/mysql database, auto-thumbnails, config-file, web-admin.


Vuln. Description:

EncapsGallery contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code

example:
/gallery.php?page=foto
&action=show_custom&id=[SQL]


Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous Anonymous told...

sql injection vulnerability is fixed in encapsgallery-1.0.1

9:59 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew