phAlbum PHP Gallery Script Cross Site Scripting

2012.05.22

Credit: Eyup CELIK

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: phAlbum php Gallery Script Reflected XSS Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


Issue: Reflected XSS

Risk level: High

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or  
Flash into a vulnerable application to fool a user in order to gather  
data from them. An attacker can steal the session cookie and take over  
the account, impersonating the user. It is also possible to modify the  
content of the page presented to the user.



Vulnerable Page:
index.php (XSS)


Example:
URI was set to #" onmouseover=prompt(928624) //
The input is reflected inside a tag parameter between double quotes.


POC:
http://www.phphq.net/demos/phAlbum/index.php/%F6%22%20onmouseover=document.write%28%22index.html%22%29%20//


Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr

References:

http://www.eyupcelik.com.tr/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

phAlbum PHP Gallery Script Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.