PhotoPost PHP Pro EXIF cross-site scripting

photopost-exif-xss (22020) The risk level is classified as Medium Risk

Description:

PhotoPost PHP Pro is vulnerable to cross-site scripting. A remote attacker could send a specially crafted URL referencing image files that contain malicious EXIF data; once the link is clicked, the embedded script would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Other products found to be vulnerable are: Gallery versions 1.5.1-RC2 and earlier, YaPiG versions 0.95b and possibly other versions, and phpGraphy version 0.9.9a and earlier versions.
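The mitigation for this class of flaw is to treat every EXIF field as untrusted input and encode it when it is written into a page. The following is an added example, not code from this advisory or from any of the affected products: the function names `clean_exif_value` and `render_exif_table` are hypothetical, and the sample array is constructed to resemble what PHP's `exif_read_data()` returns.

```php
<?php
// Added example; clean_exif_value() and render_exif_table() are hypothetical names.

/** Normalise one EXIF tag name or value to plain text (not yet HTML-escaped). */
function clean_exif_value($value, int $maxLen = 128): string
{
    if (is_array($value)) {
        // Some tags decode to arrays; keep scalar members, drop nested data.
        $value = implode(', ', array_map('strval', array_filter($value, 'is_scalar')));
    }
    $text = (string) $value;
    // Strip control bytes (camera-written tags are often NUL-padded).
    $text = preg_replace('/[\x00-\x1F\x7F]/', '', $text) ?? '';
    // Byte-wise cap; a split multibyte character is handled by ENT_SUBSTITUTE below.
    return substr($text, 0, $maxLen);
}

/** Render EXIF tags as an HTML table, escaping every tag name and value. */
function render_exif_table(array $exif): string
{
    // ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $rows = '';
    foreach ($exif as $tag => $value) {
        $rows .= sprintf(
            "<tr><th>%s</th><td>%s</td></tr>\n",
            htmlspecialchars(clean_exif_value($tag, 64), $flags, 'UTF-8'),
            htmlspecialchars(clean_exif_value($value), $flags, 'UTF-8')
        );
    }
    return "<table class=\"exif\">\n" . $rows . "</table>\n";
}

// Constructed sample, shaped like the array exif_read_data() returns.
$exif = [
    'Make'            => 'ExampleCam',
    'Model'           => "<script>alert(1)</script>\0\0",
    'SubjectLocation' => [10, 20],
];

// Writing $exif['Model'] into the page unescaped would let the browser run the
// embedded script; here it is emitted as inert text (&lt;script&gt;...).
echo render_exif_table($exif);
```

The escaping shown is for HTML element content; a value placed in a URL, a JavaScript string or an unquoted attribute needs the encoder for that context instead.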

Platforms Affected:

  • Debian, Debian Linux 3.1
  • Gallery, Gallery 1.5.1-RC2 and prior
  • PhotoPost, PhotoPost PHP Pro 5.1
  • phpGraphy, phpGraphy 0.9.9a and prior
  • YaPiG, YaPiG 0.95b

Remedy:

For Debian GNU/Linux (Gallery):
Refer to DSA-1148-1 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

  • PhotoPost PHP Pro Web page, PhotoPost PHP Photo Gallery with vBulletin and Other Forum Integration at http://www.photopost.com/.
  • BID-14668: Gallery Script Injection Vulnerability
  • BID-14669: PHPgraphy Script Injection Vulnerability
  • BID-14670: YaPig Script Injection Vulnerability
  • BID-14671: PhotoPost Script Injection Vulnerability
  • CVE-2005-2734: Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
  • CVE-2005-2735: Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
  • CVE-2005-2736: Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
  • CVE-2005-2737: Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
  • DSA-1148: gallery -- several vulnerabilities
  • SA16594: Gallery EXIF Data Script Insertion and File Disclosure Vulnerability
  • SA16595: phpGraphy EXIF Data Script Insertion Vulnerability
  • SA16596: YaPig EXIF Data Script Insertion Vulnerability
  • SA16597: PhotoPost PHP Pro EXIF Data Script Insertion Vulnerability
  • SECTRACK ID: 1014800: Gallery Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks
  • SECTRACK ID: 1014801: phpGraphy Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks
  • SECTRACK ID: 1014802: YaPiG Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks
  • SECTRACK ID: 1014803: PhotoPost PHP Pro Input Validation Bug in Processing EXIF Meta Data Permits Cross-Site Scripting Attacks

Reported:

Aug 26, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
