iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability

Title: iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2011-5046
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2011
Summary
iGallery uses MooTools - image resizing done dynamically using phpThumb - resized images are cached.
Description
iGallery suffers from a XSS vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
Vendor
net4visions.com - http://www.net4visions.com
Affected Version
1.0.0
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
N/A
PoC
igallery_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/105200
[2] http://www.securityfocus.com/bid/49675
[3] http://securityreason.com/wlb_show/WLB-2011090089
[4] http://xforce.iss.net/xforce/xfdb/69921
Changelog
[17.09.2011] - Initial release
[18.09.2011] - Added reference [1]
[20.09.2011] - Added reference [2] and [3]
[22.09.2011] - Added reference [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk