← Advisories

iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability

Medium

Advisory ID

ZSL-2011-5046

Release Date

17 September 2011

Vendor

net4visions.com - http://www.net4visions.com

Affected Version

1.0.0

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41

Summary

iGallery uses MooTools - image resizing done dynamically using phpThumb - resized images are cached.

Description

iGallery suffers from a XSS vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept

igallery_xss.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://packetstormsecurity.org/files/105200

[2]http://www.securityfocus.com/bid/49675

[3]http://securityreason.com/wlb_show/WLB-2011090089

[4]http://xforce.iss.net/xforce/xfdb/69921

Changelog

17.09.2011Initial release

18.09.2011Added reference [1]

20.09.2011Added reference [2] and [3]

22.09.2011Added reference [4]