singapore Image Gallery index.php image Variable XSS

2004-12-16T05:07:43
ID OSVDB:12572
Type osvdb
Reporter Tan Chew Keong(chewkeong@security.org.sg)
Modified 2004-12-16T05:07:43

Description

Vulnerability Description

singapore Image Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'image' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 0.9.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

singapore Image Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'image' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/index.php?gallery=.&image=<script>alert('XSS');</script>&lang=en_us

References:

Vendor URL: http://singapore.sourceforge.net/ Vendor Specific News/Changelog Entry: http://sourceforge.net/project/showfiles.php?group_id=77687 Security Tracker: 1012567 Related OSVDB ID: 12570 Related OSVDB ID: 12569 Related OSVDB ID: 12571 Related OSVDB ID: 12573 Other Advisory URL: http://www.security.org.sg/vuln/singapore0910.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0211.html ISS X-Force ID: 18535 CVE-2004-1409 Bugtraq ID: 11990