Amateur Photographer's Image Gallery plist.php albumid Parameter XSS

2012-10-18T00:00:00
ID EDB-ID:37962
Type exploitdb
Reporter cr4wl3r
Modified 2012-10-18T00:00:00

Description

Amateur Photographer's Image Gallery plist.php albumid Parameter XSS. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/56110/info
  
Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.
  
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and obtain sensitive information from local files on computers running the vulnerable application.
  
Amateur Photographer's Image Gallery 0.9a is vulnerable; other versions may also be affected. 

http://www.example.com/path_gallery/plist.php?albumid=[XSS]