Xtreme ASP Photo Gallery Multiple Input Validation Vulnerability

info
discussion
exploit
solution
references

Xtreme ASP Photo Gallery Multiple Input Validation Vulnerability

An attacker can exploit the SQL-injection and HTML-injection vulnerabilities using a standard web browser.

An attacker may exploit the cross-site scripting vulnerability by enticing unsuspecting users into following a malicious link.

The following example URIs are available:

http://target/path/displaypic.asp?category=23&sortorder=9&total=10&catname=[XSS]
http://target/path/displaypic.asp?category=23&sortorder=[SQL Injection]