MG2 0.5.1 Multiple XSS Vulnerabilities

Title: MG2 0.5.1 Multiple XSS Vulnerabilities
Advisory ID: ZSL-2011-4993
Type: Remote
Impact: Cross-Site Scripting
Risk: (2/5)
Release Date: 12.02.2011
Summary
MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is that it supports PHP running in safe mode, which is unsupported by almost all other dynamic image gallery scripts on the web.
Description
MG2 suffers from multiple cross-site scripting (XSS) vulnerabilities. Several parameters are vulnerable because their values are not sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Vendor
MiniGal - http://www.minigal.dk
Affected Version
0.5.1
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
mg2_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://securityreason.com/exploitalert/9974
[2] http://packetstormsecurity.org/files/98467
[3] http://securityreason.com/wlb_show/WLB-2011020060
[4] http://www.securityfocus.com/bid/46378
[5] http://xforce.iss.net/xforce/xfdb/65452
Changelog
[12.02.2011] - Initial release
[15.02.2011] - Added reference [2] and [3]
[16.02.2011] - Added reference [4]
[18.02.2011] - Added reference [5]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk