Secunia Research: Ansel "image" SQL Injection and Script Insertion Vulnerabilities
======================================================================
Secunia Research 06/12/2004
- Ansel "image" SQL Injection and Script Insertion Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
Ansel 2.1 and potentially other versions.
======================================================================
2) Severity
Rating: Moderately critical
Impact: Manipulation of data, Cross Site Scripting
Where: Remote
======================================================================
3) Vendor's Description of Software
Ansel is a picture gallery for web sites. It is a high quality,
information-rich photo gallery, designed to handle large numbers of
images and albums. It stores all its images in a database, making it
both fast and flexible. Ansel is similar in spirit to Shutterfly and
Yahoo pictures, but does not place restrictions on image size.
Product link:
http://freshmeat.net/projects/ansel/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered some vulnerabilities in Ansel, which
can be exploited by malicious people to conduct SQL injection and
script insertion attacks.
1) Ansel fails to verify input passed to the "image" parameter
properly before it is used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed to the album name field is not properly sanitised
before being used. This can be exploited to inject arbitrary HTML and
script code, which will be executed in a user's browser session in
context of an affected site when the main page or a malicious album is
viewed.
The vulnerabilities have been confirmed on version 2.1. Other versions
may also be affected.
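The two flaw classes described in items 1 and 2, each shown beside a hardened form, as an added example that is not Ansel's code and not part of the Secunia advisory. The table layout, function names and sample inputs are assumptions constructed for illustration; the advisory does not show Ansel's query or templates.

```python
import html
import re
import sqlite3

def make_db():
    # Constructed in-memory schema (assumption): Ansel's real tables are not in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, album TEXT, title TEXT)")
    db.executemany("INSERT INTO images VALUES (?, ?, ?)",
                   [(1, "Holiday", "beach.jpg"), (2, "Private", "passport.jpg")])
    return db

def fetch_image_unsafe(db, image):
    # Flaw class from item 1: the request value becomes part of the SQL text.
    return db.execute("SELECT id, title FROM images WHERE id = " + image).fetchall()

def fetch_image_safe(db, image):
    # Check the expected type first, then bind the value so it is only ever data.
    if not re.fullmatch(r"[0-9]{1,10}", image):
        raise ValueError("image must be a decimal integer")
    return db.execute("SELECT id, title FROM images WHERE id = ?",
                      (int(image),)).fetchall()

def render_album_unsafe(name):
    # Flaw class from item 2: the stored album name is written into the page as markup.
    return "<h2>" + name + "</h2>"

def render_album_safe(name):
    # Encode on output so the browser treats the stored name as text.
    return "<h2>" + html.escape(name, quote=True) + "</h2>"

if __name__ == "__main__":
    db = make_db()
    crafted_image = "1 OR 1=1"                      # constructed sample input
    crafted_album = "<script>alert(1)</script>"     # constructed sample input
    print("unsafe query rows:", fetch_image_unsafe(db, crafted_image))
    try:
        fetch_image_safe(db, crafted_image)
    except ValueError as exc:
        print("safe query rejected input:", exc)
    print("unsafe render:", render_album_unsafe(crafted_album))
    print("safe render:  ", render_album_safe(crafted_album))
```

The same two checks, type validation plus bound parameters for "image" and output encoding for the album name, are what to look for when reviewing a gallery deployment that cannot yet be updated.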
======================================================================
5) Solution
Update to version 2.2:
ftp://heron.sdsc.edu/pub/ansel-2.2.tar.gz
======================================================================
6) Time Table
12/11/2004 - Vulnerability discovered.
17/11/2004 - Vendor notified.
28/11/2004 - Vendor confirms vulnerabilities.
06/12/2004 - Public disclosure.
======================================================================
7) Credits
Discovered by Secunia Research.
======================================================================
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2004-17/advisory/
======================================================================