Full Disclosure mailing list archives
[HTTPCS] InterPhoto Image Gallery 'thisurl' Cross Site Scripting Vulnerability
From: HTTPCS <contact () httpcs com>
Date: Sat, 11 Aug 2012 14:49:47 +0200 (CEST)
HTTPCS Advisory : HTTPCS67 Product : InterPhoto Image Gallery Version : 2.5.1 Date : 2012-08-07 Criticality level : Less Critical Description : A vulnerability has been discovered in InterPhoto Image Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'thisurl' parameter to '/login.php' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Page : /login.php Variables : thisurl=[VulnHTTPCS] Type : XSS Method : POST Solution : References : https://www.httpcs.com/advisory/httpcs67 Credit : HTTPCS [Web Vulnerability Scanner] _______________________________________________ Twitter : http://twitter.com/HTTPCS_ Free web vulnerability scanner HTTPCS _______________________________________________
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [HTTPCS] InterPhoto Image Gallery 'thisurl' Cross Site Scripting Vulnerability HTTPCS (Aug 11)