The SQL Injection issue in showmembers.php (showmembers.php?si=[SQL]) was
reported to one of the lead developers, Michael Pierce, on March 11th 2005 by
James Bercegay of GulfTech Research And Development and has since been fixed
after being confirmed a legitimate security risk. Users with the older
vulnerable versions are urged to upgrade ASAP. More information can be found
on the official PhotoPost forums.
James
-----Original Message-----
From: dcrab (at) hackerscenter (dot) com [mailto:dcrab (at) hackerscenter (dot) com]
Sent: Monday, March 28, 2005 1:21 PM
To: bugtraq (at) securityfocus (dot) com
Subject: Multiple Sql injection, and multiple XSS vulnerabilities in
Photopost PHP Pro Photo Gallery Software.
Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/
Severity: High
Title: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost
PHP Pro Photo Gallery Software.
Date: March 29, 2005