Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability

Title: Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability
Advisory ID: ZSL-2011-4992
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (4/5)
Release Date: 11.02.2011
Summary
Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free!
Description
Pixelpost is vulnerable to an SQL Injection attack when input is passed to several POST parameters (findfid, id, selectfcat, selectfmon, selectftag). The script (admin/index.php) fails to properly sanitize this input before it is used in SQL queries, allowing an attacker to compromise the entire DB system and view sensitive information.
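The description above names the pattern but not the code. The following is an added illustration of that pattern and its fix, written for this page; it is not Pixelpost's own code from admin/index.php. The table and column names (pixelpost_pixelpost, id, headline, datetime), the assumption that findfid is an integer id and selectfmon a month number, and the mysqli connection handle are all hypothetical. It shows the unsafe concatenation of a POST value into a query next to the hardened form: type validation first, then a prepared statement with bound parameters.

```php
<?php
// Added example, not Pixelpost's own code. Table and column names are
// hypothetical stand-ins for whatever the real admin/index.php queries.

// Unsafe pattern: the POST value is concatenated straight into the SQL string,
// so any quote or operator the client sends is parsed as SQL syntax.
function find_by_fid_unsafe(mysqli $db, array $post)
{
    $fid = $post['findfid'] ?? '';
    $sql = "SELECT id, headline FROM pixelpost_pixelpost WHERE id = '" . $fid . "'";
    return $db->query($sql);
}

// Hardened pattern: enforce the type the parameter is supposed to have, then
// bind it as a parameter so the database only ever sees it as data.
function find_by_fid_safe(mysqli $db, array $post): ?array
{
    // id-style parameters (findfid, id) must be integers; anything else is rejected.
    $fid = filter_var($post['findfid'] ?? '', FILTER_VALIDATE_INT);
    if ($fid === false) {
        return null;
    }
    $stmt = $db->prepare("SELECT id, headline FROM pixelpost_pixelpost WHERE id = ?");
    $stmt->bind_param('i', $fid);
    $stmt->execute();
    // get_result() needs the mysqlnd driver; bind_result() is the alternative.
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Filter parameters drawn from a fixed vocabulary (assumed here: selectfmon is a
// month number) are range-checked before they reach the query at all.
function select_month_safe(mysqli $db, array $post): ?array
{
    $mon = filter_var($post['selectfmon'] ?? '', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 12]]);
    if ($mon === false) {
        return null;
    }
    $stmt = $db->prepare(
        "SELECT id, headline FROM pixelpost_pixelpost WHERE MONTH(datetime) = ?");
    $stmt->bind_param('i', $mon);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
```

The same two steps apply to the remaining parameters (selectfcat, selectftag): decide what type and range each one legitimately has, reject anything outside it, and pass the value to the query only through a bound parameter, never through string concatenation. Escaping alone is not a substitute, because a single unescaped code path is enough to expose the whole database.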
Vendor
Pixelpost.org - http://www.pixelpost.org
Affected Version
1.7.3
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
pixelpost_sql.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/98428
[2] http://www.exploit-db.com/exploits/16160
[3] http://securityreason.com/wlb_show/WLB-2011020049
[4] http://www.securityfocus.com/bid/46348
[5] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1100
[6] https://nvd.nist.gov/vuln/detail/CVE-2011-1100
Changelog
[11.02.2011] - Initial release
[12.02.2011] - Added reference [1], [2] and [3]
[14.02.2011] - Added reference [4]
[25.10.2021] - Added reference [5] and [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk