High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixelpost which could be exploited to perform cross-site scripting attacks and disclose potentially sensitive information.
1) Cross-site scripting vulnerability in Pixelpost
The vulnerability exists due to an input sanitization error in the "visitorinfo" cookie in index.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
GET /index.php?popup=comment&showimage=1 HTTP/1.1
2) Information disclosure vulnerability in Pixelpost
The vulnerability exists due to insufficient sanitization of input data in the "lang" variable in index.php. A remote attacker can read arbitrary files on the target system. Successful exploitation requires that register_globals is enabled.
GET /index.php?popup=comment&language_full=english HTTP/1.1
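The two input-handling mistakes described in 1) and 2), each next to its hardened form, as an added illustration that is not Pixelpost's code (the cookie name is the advisory's; the variable $lang, the languages/ directory and the allowlist contents are assumed):

```php
<?php
// Added illustration, not Pixelpost's code: the two input-handling
// patterns the advisory describes, each beside a hardened counterpart.
// $lang, the languages/ directory and the allowlist are hypothetical.

// --- 1) Cookie value rendered into the page ---------------------------
// Weak: the cookie is reflected verbatim, so any HTML in it executes.
function render_visitor_weak(): string {
    $info = $_COOKIE['visitorinfo'] ?? '';
    return "<p>Welcome back, $info</p>";
}

// Hardened: encode for the HTML context at the point of output.
function render_visitor_hardened(): string {
    $info = $_COOKIE['visitorinfo'] ?? '';
    $safe = htmlspecialchars($info, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Welcome back, $safe</p>";
}

// --- 2) Language file chosen by an externally controlled variable ------
// Weak: with register_globals on, $lang is populated from any request
// variable (query string, cookie, POST), so the include path is
// attacker-controlled.
function load_language_weak(): void {
    global $lang;                       // set by register_globals
    include "languages/$lang.php";
}

// Hardened: treat the value as untrusted wherever it came from, and
// accept only names from an explicit allowlist of shipped files.
function load_language_hardened(string $requested): void {
    $allowed = ['english', 'french', 'german'];   // hypothetical list
    $lang = in_array($requested, $allowed, true) ? $requested : 'english';
    include __DIR__ . "/languages/$lang.php";
}

// Read the request value explicitly instead of relying on register_globals
// (which should be off; PHP 5.4 and later removed it entirely).
load_language_hardened($_GET['lang'] ?? 'english');
echo render_visitor_hardened();
```

The allowlist check, rather than path filtering, is what closes the file-read issue: a value outside the list never reaches include at all, so register_globals being on no longer matters for this code path.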