Topic:	Auto-Img-Gallery 1.1 XSS Vulnerability
Credit:	Valentin
Date:	2010.05.06
CWE:	CWE-79 (Show similar)
CVE:	CVE-2010-1709 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

# Exploit Title: Auto-Img-Gallery XSS Vulnerability
# Date: 24.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: 1.1
# Tested on:
# CVE :
# Code :


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Auto-Img-Gallery XSS Vulnerability
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Auto-Img-Gallery
Vendor = G5 Scripts
Vendor Website = http://www.g5-scripts.de
Affected Version(s) = 1.1


[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS
Vulnerable Parameter(s) = "user", "pass"
Example URI = upload.cgi?user=~~XSS~~&pass=~~XSS~~&btn2=login


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 24.04.2010

In some cases other parameters are also not validated, SQL injection might be possible.
Script needs further testing.


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]

References: