lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <000701c3ced8$ffddf560$1792db3e@fucku>
Date: Tue, 30 Dec 2003 15:29:49 +0200
From: "The-Insider" <nuritrv18@...eqint.net>
To: <bugtraq@...urityfocus.com>
Subject: Gallery v1.3.3 Cross Site Scripting Vulnerabillity


#######################################################################

Application:    Gallery
Vendors:
http://gallery.sourceforge.net
http://gallery.menalto.com
Versions:        <= 1.3.3
Platforms:       Windows/Unix
Bug:                 Cross Site Scripting Vulnerabillity
Risk:                Low
Exploitation:   Remote with browser
Date:               30 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@...l.com
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============


Gallery 1.3.3 is an automated php Gallery engine. It is quite secure, and
very effective as a
web gallery.

#######################################################################

======
2) Bug
======

When the webserver hosting gallery 1.3.3 recieves a "GET
/<galleryfolder>/search.php"
it reffers to search.php as it should. However when searching
"<script>alert('XSS')</script>"
or requests "GET
/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>"
the server allows an attacker so inject & execute scripts.

#######################################################################

===========
3) The Code
===========

http://<host>/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</
script>

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ