what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mt. Vernon Media 1.12 HTML Injection

Mt. Vernon Media 1.12 HTML Injection
Posted May 8, 2015
Authored by Jing Wang

Mt. Vernon Media web design products version 1.12 suffer from a html injection vulnerability.

tags | exploit, web
SHA-256 | bebb2aef18c7a2bcf384218bc8a70bba6a3caba28de4fffcab06bd26bba2117b

Mt. Vernon Media 1.12 HTML Injection

Change Mirror Download
*MT.VERNON MEDIA Web-Design v1.12 HTML Injection Web Security

Exploit Title: MT.VERNON MEDIA Web-Design v1.12 "gallery.php?" &category
parameter HTML Injection Security Vulnerabilities
Product: Web-Design v1.12
Vulnerable Versions: v1.12
Tested Version: v1.12
Advisory Publication: May 08, 2015
Latest Update: May 08, 2015
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing[Mathematics, Nanyang Technological
University (NTU), Singapore] (@justqdjing)

*Recommendation Details:*

*(1) Vendor & Product Description:*


*Product & Vulnerable Versions:*

*Vendor URL & Download:*
MT.VERNON MEDIA can be obtained from here,

*Google Dork:*
"developed by: Mt. Vernon Media"

*Product Introduction Overview:*
"In today's economy every business is more focused on ROI (Return On
Investment) than ever before. We'll help you ensure a solid ROI for your
website, not only making it effective and easy to use for your clients, but
helping you to drive traffic to your site and ensuring effective content
and design to turn traffic into solid leads, sales, or repeat customers. We
offer custom design and development services tailored to your needs and
specifications drawn up jointly with you to ensure that the appropriate
technology is leveraged for optimum results, creating a dynamic and
effective design, based on market effectiveness and user-friendly design
standards. Our developers are experts in web application development using
various programming languages including Perl, SQL, C, C+, and many other
back-end programming languages, as well as database integration. For a view
of some of your past projects, take a look at our list of clients. We
handle custom development of your Internet project from conception through

Internet & Intranet sites
Design concepts, layouts, and specifications
Intuitive Graphical User Interface (GUI) design
Dynamic navigation design
Creation and manipulation of graphical design elements
GIF Animation
Flash development
HTML hand-coding and debugging
JavaScript for interactivity and error-checking
ASP (Active Server Pages)
Customized Perl CGI scripts (mailing lists, form submission, etc)
Customized application development in varied programming languages
Site publication and promotion
On-going updating and maintenance
Banner ads"

*(2) Vulnerability Details:*
MT.VERNON MEDIA web application has a computer security bug problem. It can
be exploited by stored HTML Injection attacks. Hypertext Markup Language
(HTML) injection, also sometimes referred to as virtual defacement, is an
attack on a user made possible by an injection vulnerability in a web
application. When an application does not properly handle user supplied
data, an attacker can supply valid HTML, typically via a parameter value,
and inject their own content into the page. This attack is typically used
in conjunction with some form of social engineering, as the attack is
exploiting a code-based vulnerability and a user's trust.

Several other MT.VERNON MEDIA products 0-day vulnerabilities have been
found by some other bug hunter researchers before. MT.VERNON MEDIA has
patched some of them. BugScan is the first community-based scanner,
experienced five code refactoring. It has redefined the concept of the
scanner provides sources for the latest info-sec news, tools, and
advisories. It also publishs suggestions, advisories, solutions details
related to HTML vulnerabilities.

*(2.1) *The first programming code flaw occurs at "&category" parameter in
"gallery.php?" page.


Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),

Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    7 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By