Detections
Analytics
Pixelpost < 1.5 RC1 showimage Parameter SQL Injection
high Nessus Plugin ID 21049
Language:
Synopsis
The remote web server contains a PHP application that suffers from multiple vulnerabilities.Description
The remote host is running Pixelpost, a photo blog application based on PHP and MySQL.The version of Pixelpost installed on the remote host fails to sanitize input to the 'showimage' parameter of the 'index.php' script before using it to construct database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker can exploit this flaw to inject arbitrary SQL code and thereby uncover sensitive information such as authentication credentials, launch attacks against the underlying database application, etc.
In addition, the application reportedly contains a similar SQL injection flaw involving the 'USER_AGENT', 'HTTP_REFERER' and 'HTTP_HOST' variables used in 'includes/functions.php', a cross-site scripting issue involving the comment, name, url, and email values when commenting on a post, and an information disclosure flaw involving direct requests to 'includes/phpinfo.php'. Nessus has not, though, checked for them.
Solution
Upgrade to Pixelpost version 1.5 RC1 or later when it becomes available.See Also
https://www.securityfocus.com/archive/1/426764/30/0/threaded
Plugin Details
Severity: High
ID: 21049
File Name: pixelpost_15rc1.nasl
Version: 1.18
Type: remote
Family: CGI abuses
Published: 3/13/2006
Updated: 4/11/2022
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 3/4/2006
Reference Information
CVE: CVE-2006-1104
BID: 16964