Exploit Title: Esoftpro Online Photo Pro Multiple Vulnerability
Vendor url:http://www.esoftpro.com/
Version:2
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
Online Photo Pro (formerly known as EPhoto PRO) is the state-of-the-art
online photo catalog that allows you to create a professional online catalog
in no time. It can be used as a Photo Gallery, Product Catalog, CD
Collection, Image Database or anything you can imagine. Online Photo Pro
features Auto Category & Photo Listing, Sorting, Independent Message Board
for each photo, Comprehensive Stats, Rating, Full Admin Interface and much
more.
With Online Photo Pro :-
* No more manual file transfer
* No more manual HTML code editing
* No more complex files and directories
* No more lack of interaction
* No more boring static pages
* ONE single script file handles UNLIMITED PHOTOS
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:
*SQL Vulnerability
DEMO URL:
http://server/OPP/index.php?section=[sqli]
*XSS Vulnerability
DEMO URL :
http://server/OPP/index.php?section=[xss]
*HTML Injection
DEMO URL:
http://server/OPP/index.php?section=[html]
# 0day n0 m0re #
# L0rd CrusAd3r #
--
With R3gards,
L0rd CrusAd3r