[VIM] Verified WhiteAlbum SQL injection

Steven M. Christey coley at mitre.org
Tue Jan 17 19:13:35 EST 2006

Re: "White Album Sql İnjection biyosecurity.be"

I've been interested in the researcher "Liz0ziM" since they have been
accused of plagiarism and, even if not that, have made some errors in
the recent past.

I verified by source inspection the "dir" SQL injection issue in

1) from albumapi.php in WhiteAlbum 2.5:

>function checkValidation($dir,$okDir,$target) {
>	global $db,$cfg;
>	$result=mysql_query("SELECT access FROM al_directories WHERE dir_id=$dir",$db);
>	$myrow=mysql_fetch_row($result);
>	if (in_array($myrow[0],$okDir)) {
>		return(true);
>	}

2) from pictures.php:

>if (isset($_GET['dir'])) {
>	$derivedDir=$_GET['dir'];
>if (!$validated=checkValidation($derivedDir,$_SESSION['accessDir'],$_SERVER['PHP_SELF'])) {

Presumably, the attack is not effective when magic_quotes_gpc is on.

- Steve

More information about the VIM mailing list