# Exploit Title: Auto-Img-Gallery XSS Vulnerability # Date: 24.04.2010 # Author: Valentin # Category: webapps/0day # Version: 1.1 # Tested on: # CVE : # Code : [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = Auto-Img-Gallery XSS Vulnerability Author = Valentin Hoebel Contact = valentin@xenuser.org [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >> Product information Name = Auto-Img-Gallery Vendor = G5 Scripts Vendor Website = http://www.g5-scripts.de Affected Version(s) = 1.1 [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] >> #1 Vulnerability Type = XSS Vulnerable Parameter(s) = "user", "pass" Example URI = upload.cgi?user=~~XSS~~&pass=~~XSS~~&btn2=login [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] >> Additional Information Advisory/Exploit Published = 24.04.2010 In some cases other parameters are also not validated, SQL injection might be possible. Script needs further testing. [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::] >> Misc Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase! <3 packetstormsecurity.org [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]