← Advisories

MG2 0.5.1 Multiple XSS Vulnerabilities

Low

Advisory ID

ZSL-2011-4993

Release Date

12 February 2011

Vendor

MiniGal - http://www.minigal.dk

Affected Version

0.5.1

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41

Summary

MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is, that it supports PHP running in safe mode which is unsupported by almost all other dynamic image gallery scripts on the web.

Description

MG2 suffers from multiple XSS vulns. Several parameters are vulnerable that are not sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept

mg2_xss.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://securityreason.com/exploitalert/9974

[2]http://packetstormsecurity.org/files/98467

[3]http://securityreason.com/wlb_show/WLB-2011020060

[4]http://www.securityfocus.com/bid/46378

[5]http://xforce.iss.net/xforce/xfdb/65452

Changelog

12.02.2011Initial release

15.02.2011Added reference [2] and [3]

16.02.2011Added reference [4]

18.02.2011Added reference [5]