All Enthusiast PhotoPost PHP Pro多个远程漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108515 漏洞类型
发布时间 2005-03-10 更新时间 2006-09-27
CVE编号 CVE-2005-0776 CNNVD-ID CNNVD-200505-788
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25208
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-788
|漏洞详情
PhotoPostPHP5.0RC3中的adm-photo.php在操作照片之前未正确验证管理员权限,远程攻击这可借此来操作其他用户的照片。
|漏洞EXP
source: http://www.securityfocus.com/bid/12779/info

PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution.

Multiple remote vulnerabilities affect All Enthusiast PhotoPost PHP Pro. These issues are due to a failure of the application to validate access rights and user-supplied input.

The first issue is an access validation issue that may allow attackers to manipulate images uploaded by arbitrary users. The second issue is a cross-site scripting vulnerability.

An attacker may leverage these issues to execute script code in an unsuspecting user's browser and to bypass authentication to execute certain application commands.

http://www.example.com/photopost/adm-photo.php?ppaction=manipulate&pid=[IMAGE ID]&dowhat=rebuildthumb&dowhat=rotateccw
|参考资料

来源:BUGTRAQ
名称:20050311PhotoPostPHP5.0RC3,andlater,multiplevulnerabilities
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111065868402859&w=2
来源:XF
名称:photopost-image-modification(19677)
链接:http://xforce.iss.net/xforce/xfdb/19677
来源:BID
名称:12779
链接:http://www.securityfocus.com/bid/12779
来源:SECUNIA
名称:14576
链接:http://secunia.com/advisories/14576