← Advisories

MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability

Medium
Advisory ID
ZSL-2013-5130
Release Date
25 February 2013
Vendor
MTP Scripts - http://www.morephp.net
Affected Version
1.0
CVE
N/A
Tested On
Linux, Apache2
Summary

MTP Image Gallery offers more control, better uploading and enhanced performance. With MTP Image Gallery you can easily create and maintain albums of photos via an intuitive, web interface.

Description

MTP Image Gallery suffers from a stored XSS vulnerability when parsing user input to the 'title' parameter via POST method thru 'edit_photos.php' and 'add_cat.php' scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
mtpimagegallery_xss.htmlTXT
Disclosure Timeline
17.02.2013Vulnerability discovered.
19.02.2013Contact with the vendor.
24.02.2013No response from the vendor.
25.02.2013Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://packetstormsecurity.com/files/120531
[2]http://www.securityfocus.com/bid/58146
[3]http://cxsecurity.com/issue/WLB-2013020189
[4]http://www.exploit-db.com/exploits/24544/
[5]http://xforce.iss.net/xforce/xfdb/82385
[6]http://www.osvdb.org/show/osvdb/90640
Changelog
25.02.2013Initial release
26.02.2013Added reference [1], [2], [3] and [4]
27.02.2013Added reference [5]
28.02.2013Added reference [6]