Ravens PHP Scripts

Coppermine Photo Gallery *add_hit()* SQL Injection
Date: Tuesday, June 13, 2006 @ 16:04:15 CDT
Topic: Security


TITLE: Coppermine Photo Gallery "add_hit()" SQL Injection

SECUNIA ADVISORY ID: SA20597

VERIFY ADVISORY: http://secunia.com/advisories/20597/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: Coppermine Photo Gallery 1.x
http://secunia.com/product/1427/

DESCRIPTION: imei addmimistrator has discovered two vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "referer" and "user-agent" HTTP headers isn't properly sanitised before being used in a SQL query in the "add_hit()" function. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled and that the "Keep detailed hit statistics" setting is enabled (not enabled by default).

The vulnerabilities have been confirmed in version 1.4.8. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised. Disable the "Keep detailed hit statistics" setting.
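
EXAMPLE (added here; not part of the Secunia advisory and not Coppermine's own code): a sketch of the source-level fix for a hit logger that stores the "referer" and "user-agent" headers. The table name, column names and function names are hypothetical, and the sketch assumes PHP 7.1 or later with the PDO SQLite driver.

```php
<?php
// Added illustration; not Coppermine's add_hit(). Table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hit_stats (pid INTEGER, referer TEXT, user_agent TEXT, hit_time INTEGER)');

// Request headers are client-controlled: drop control characters and cap the length.
function clean_header(?string $value, int $max = 255): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value ?? '');
    return substr($value, 0, $max);
}

// Pattern described in the advisory: header text concatenated into the SQL string.
function add_hit_concat(PDO $db, int $pid, array $server): void
{
    $db->exec("INSERT INTO hit_stats VALUES ($pid, '" . ($server['HTTP_REFERER'] ?? '')
        . "', '" . ($server['HTTP_USER_AGENT'] ?? '') . "', " . time() . ")");
}

// Corrected form: header values travel as bound parameters, never as SQL text.
function add_hit_bound(PDO $db, int $pid, array $server): void
{
    $stmt = $db->prepare(
        'INSERT INTO hit_stats (pid, referer, user_agent, hit_time) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([
        $pid,
        clean_header($server['HTTP_REFERER'] ?? null),
        clean_header($server['HTTP_USER_AGENT'] ?? null),
        time(),
    ]);
}

// Constructed request: a benign user-agent that happens to contain an apostrophe.
$server = [
    'HTTP_REFERER'    => 'https://example.org/album',
    'HTTP_USER_AGENT' => "Mozilla/5.0 (O'Brien build)",
];

try {
    add_hit_concat($db, 1, $server);   // the quote ends the string literal early
} catch (PDOException $e) {
    echo "concatenated query rejected: ", $e->getMessage(), "\n";
}

add_hit_bound($db, 1, $server);        // same input, stored as data
$row = $db->query('SELECT user_agent FROM hit_stats')->fetch(PDO::FETCH_ASSOC);
echo "stored verbatim: ", $row['user_agent'], "\n";
```

The "magic_quotes_gpc" setting the advisory refers to was removed in PHP 5.4, so current PHP provides no implicit escaping and bound parameters are the reliable fix.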

PROVIDED AND/OR DISCOVERED BY: imei addmimistrator

ORIGINAL ADVISORY

This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2220