MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability

Title: MTP Image Gallery 1.0 (title) Remote Script Insertion Vulnerability
Advisory ID: ZSL-2013-5130
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 25.02.2013
Summary
MTP Image Gallery offers more control, better uploading and enhanced performance. With MTP Image Gallery you can easily create and maintain albums of photos via an intuitive web interface.
Description
MTP Image Gallery suffers from a stored XSS vulnerability when parsing user input passed to the 'title' parameter via the POST method through the 'edit_photos.php' and 'add_cat.php' scripts. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
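The fix pattern for a stored 'title' value like the one described above, as an added example that is not code from MTP Image Gallery or from the advisory's author: validate the POST value before storing it and encode it wherever it is written back into a page. The function names, the length limit and the HTML markup are assumptions made for illustration, since the vendor's source is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration only; not MTP Image Gallery source code.
// Assumes PHP 8.0+ with the mbstring extension.

const TITLE_MAX_LEN = 100; // assumed limit, choose one that fits the schema

// Input side (edit_photos.php / add_cat.php): validate $_POST['title'] before storing.
// This narrows what is stored; it does not replace encoding at output.
function normalize_title(mixed $raw): ?string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return null; // arrays (title[]=x) and invalid byte sequences are rejected
    }
    $title = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $raw); // control characters
    $title = trim(preg_replace('/\s+/u', ' ', $title));       // collapse whitespace
    if ($title === '' || mb_strlen($title, 'UTF-8') > TITLE_MAX_LEN) {
        return null;
    }
    return $title;
}

// Output side: encode for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Every place a stored title is written into a page goes through e().
function render_photo(string $src, string $storedTitle): string
{
    return sprintf(
        '<figure><img src="%s" alt="%s"><figcaption>%s</figcaption></figure>',
        e($src), e($storedTitle), e($storedTitle)
    );
}

// Constructed sample input: a plain title, a title carrying markup, a non-string.
$samples = ['Holiday 2013', '"><b>bold</b>', ['not', 'a', 'string']];
foreach ($samples as $raw) {
    $title = normalize_title($raw);
    echo $title === null
        ? "rejected\n"
        : render_photo('photos/1.jpg', $title) . "\n";
}
```

The title carrying markup is still accepted and stored as typed; it is the encoding in e() that keeps it from being interpreted as HTML when the album or photo page is rendered.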
Vendor
MTP Scripts - http://www.morephp.net
Affected Version
1.0
Tested On
Linux, Apache2
Vendor Status
[17.02.2013] Vulnerability discovered.
[19.02.2013] Contact with the vendor.
[24.02.2013] No response from the vendor.
[25.02.2013] Public security advisory released.
PoC
mtpimagegallery_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.com/files/120531
[2] http://www.securityfocus.com/bid/58146
[3] http://cxsecurity.com/issue/WLB-2013020189
[4] http://www.exploit-db.com/exploits/24544/
[5] http://xforce.iss.net/xforce/xfdb/82385
[6] http://www.osvdb.org/show/osvdb/90640
Changelog
[25.02.2013] - Initial release
[26.02.2013] - Added references [1], [2], [3] and [4]
[27.02.2013] - Added reference [5]
[28.02.2013] - Added reference [6]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk