TCW PHP Album - Multiple Vulnerabilities

EDB-ID:

14203




Platform:

PHP

Date:

2010-07-04


1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: TCW PHP Album Multiple Vulnerability
Vendor url:http://tcwphpalbum.sourceforge.net/
Version:1
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

TCW PHP Album is a set of PHP scripts that (using MySQL and the GD Library)
allow you to easily make online multimedia albums. With an intuitive
administrative panel you can quickly add albums, photos, themes, and change
site settings. It also has commenting, where people can post comments on
images and numerically rate pictures, as well as other features such as IP
restriction/banning. Recently added, you can also make automatic slideshows.
TCW PHP Album requires the following:

    * PHP 4.1.2 or higher, --with-mysql
    * The GD Image Library OR ImageMagick's Convert
    * Minimum of PNG support for the above
    * A MySQL database - tested with 3.2x
    * TCW PHP Album is operating system independent. TCW PHP Album does not
support the GD Image library as it is lacking many features of convert, but
the option is available.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/photos/index.php?album=[sqli]

*XSS Vulnerability

DEMO URL :

http://server/photos/index.php?album=[xss]

*URL Redirection Vulnerability

DEMO URL:

http://server/photos/index.php?album=[urlredirection]

*HTML Injection

DEMO URL:

http://server/photos/index.php?album=[html]

# 0day n0 m0re #
# L0rd CrusAd3r #


-- 
With R3gards,
L0rd CrusAd3r