minigal-xss.txt

minigal-xss.txt: Posted Mar 4, 2008; Authored by Jose Carlos Norte; Minigal 2 aka MG2 is susceptible to a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 7071f2f99cf637a797b9a2f46856d30ae239eed5ae3348826fa97fc38c0b2d7d; Download | Favorite | View

minigal-xss.txt

Title: Minigal 2 critical XSS
Author: Jose Carlos Norte (jose@eyeos.org)
Date: 4-3-2008
Severity: high
Vendor URL: http://www.minigal.dk/

------- Introduction

Minigal 2(a.k.a. MG2) is a picture album written in PHP, it have a simple administration panels, and makes non-ajax browsable albums.

------- The problem

The problem consist in a fully exploitable XSS. MG2 allows NON-Admin users to browser some areas of the admin panel, and one of these, have a XSS problem.

------- Exploitation

admin.php?action=import&list=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

------- Status

Vendor contacted without response.

------- Credits

This bug was discovered by Jose Carlos Norte, (jose@eyeos.org).

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

minigal-xss.txt

minigal-xss.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

minigal-xss.txt

Share This

minigal-xss.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems