################################################
GOOP Gallery 'image' param Cross-site scripting
Vendor url: http://www.webgeneius.com
Advisory: http://lostmon.blogspot.com/2006/10/goop-gallery-image-param-cross-site.html
Vendor notify: YES Exploit available: YES
################################################

GOOP Gallery contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'image' parameter upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

################
Versions
################

GOOP Gallery 2.0 vulnerable
GOOP Gallery 2.0.3 not vulnerable

################
Solution
################

Upgrade to GOOP Gallery 2.0.3 as soon as possible.
http://webgeneius.com/index.php?mod=blog&id=49

Download GG2.0.3:
http://webgeneius.com/downloads/gg2.0.3.zip

################
Timeline
################

Discovered: 09-10-2006
Vendor notify: 14-10-2006
Vendor response: 15-10-2006
Vendor Fix: 16-10-2006
Disclosure: 16-10-2006

##############
Example
##############

http://Victim/goopgallery/index.php?next=%BB&gallery=demo+gallery+1&image=Bunny.JPG">[XSS-CODE]

http://Victim/goopgallery/index.php?gallery=demo+gallery+1&image=Bunny.JPG">[XSS-CODE]

######################## End #####################

Thanks to Estrella for being my light.
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what makes the mind move....
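
Added example (not part of the original advisory and not GOOP Gallery's code): one way to handle an 'image' request parameter so that a value such as the one in the Example section is rejected and never reaches the page unencoded. The function names, the one-directory-per-gallery layout, and the assumption that the value is echoed inside a double-quoted HTML attribute (suggested by the `">` in the example URLs) are illustrative, not taken from the vendor's fix.

```php
<?php
// Added example, not GOOP Gallery source. Function names and the
// one-directory-per-gallery layout are assumptions made for illustration.

// Return $requested only if it is a plain image file name that exists in
// $galleryDir; anything else (markup, quotes, path separators) yields null.
function resolve_image(string $galleryDir, string $requested): ?string
{
    // Allowlist the shape of the name before touching the filesystem.
    if (!preg_match('/\A[A-Za-z0-9 _-][A-Za-z0-9 ._-]{0,127}\.(?:jpe?g|png|gif)\z/i', $requested)) {
        return null;
    }
    $entries = scandir($galleryDir);
    if ($entries === false) {
        return null;
    }
    // Strict comparison against real directory entries, never a built path.
    return in_array($requested, $entries, true) ? $requested : null;
}

// Build the tag with every dynamic value encoded for its context:
// rawurlencode() for the URL path segment, htmlspecialchars() for the attribute.
function render_image_tag(string $galleryUrl, string $image): string
{
    $src = rtrim($galleryUrl, '/') . '/' . rawurlencode($image);
    return sprintf(
        '<img src="%s" alt="%s">',
        htmlspecialchars($src, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($image, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed demo: a temporary gallery holding one file, and two request values.
$dir = sys_get_temp_dir() . '/gallery_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
touch($dir . '/Bunny.JPG');

foreach (['Bunny.JPG', 'Bunny.JPG">[XSS-CODE]'] as $param) {
    $image = resolve_image($dir, $param);
    echo $image === null
        ? "rejected: " . htmlspecialchars($param, ENT_QUOTES, 'UTF-8') . "\n"
        : render_image_tag('/galleries/demo', $image) . "\n";
}

unlink($dir . '/Bunny.JPG');
rmdir($dir);
```

Validation and output encoding are applied together here: the allowlist keeps unexpected values out, and the encoding keeps any value that does pass from being interpreted as markup.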