ID OSVDB:25443 Type osvdb Reporter d4igoro(d4igoro@gmail.com) Modified 2006-05-05T05:47:39
Description
Vulnerability Description
Dynamic Galerie contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pfad' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
Dynamic Galerie contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pfad' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
{"id": "OSVDB:25443", "bulletinFamily": "software", "title": "Dynamic Galerie index.php pfad Variable XSS", "description": "## Vulnerability Description\nDynamic Galerie contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pfad' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDynamic Galerie contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pfad' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/index.php?pfad=[XSS]\n## References:\nVendor URL: http://www.timobraun.de/\n[Secunia Advisory ID:19995](https://secuniaresearch.flexerasoftware.com/advisories/19995/)\n[Related OSVDB ID: 25442](https://vulners.com/osvdb/OSVDB:25442)\n[Related OSVDB ID: 25444](https://vulners.com/osvdb/OSVDB:25444)\n[Related OSVDB ID: 25441](https://vulners.com/osvdb/OSVDB:25441)\nOther Advisory URL: http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html\nFrSIRT Advisory: ADV-2006-1699\n[CVE-2006-2294](https://vulners.com/cve/CVE-2006-2294)\nBugtraq ID: 17896\n", "published": "2006-05-05T05:47:39", "modified": "2006-05-05T05:47:39", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:25443", "reporter": "d4igoro(d4igoro@gmail.com)", "references": [], "cvelist": ["CVE-2006-2294"], "type": "osvdb", "lastseen": "2017-04-28T13:20:22", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "8256996fba897600b499d0556ccce35d"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "1d4cb59cd098c6dd74ed944c8497cb3b"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "a1800450691f38f232b62ec00517075e"}, {"key": "href", "hash": "efb1dab7c73da6a7417084df1f4b112e"}, {"key": "modified", "hash": "a2687721365144b63595dd3bdb80f009"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "a2687721365144b63595dd3bdb80f009"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "1ec522a20ed30916a337b4dc75779e53"}, {"key": "title", "hash": "a4f149544def253530a5c8b0466f9c69"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "4ae217b42e9a5a6edf2eb854d108d9d8b49eb0eec613b1fc6c13f4839eb77a31", "viewCount": 1, "objectVersion": "1.2", "affectedSoftware": [{"name": "Dynamic Galerie", "operator": "eq", "version": "1.0"}], "enchantments": {"vulnersScore": 4.3}}
{"result": {"cve": [{"id": "CVE-2006-2294", "type": "cve", "title": "CVE-2006-2294", "description": "Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal.", "published": "2006-05-09T22:14:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2294", "cvelist": ["CVE-2006-2294"], "lastseen": "2016-09-03T06:55:04"}], "osvdb": [{"id": "OSVDB:25444", "type": "osvdb", "title": "Dynamic Galerie galerie.php id Variable XSS", "description": "## Vulnerability Description\nDynamic Galerie contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'galerie.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nDynamic Galerie contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'galerie.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/galerie.php?id=[XSS]\n## References:\nVendor URL: http://www.timobraun.de/\n[Secunia Advisory ID:19995](https://secuniaresearch.flexerasoftware.com/advisories/19995/)\n[Related OSVDB ID: 25442](https://vulners.com/osvdb/OSVDB:25442)\n[Related OSVDB ID: 25443](https://vulners.com/osvdb/OSVDB:25443)\n[Related OSVDB ID: 25441](https://vulners.com/osvdb/OSVDB:25441)\nOther Advisory URL: http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html\nFrSIRT Advisory: ADV-2006-1699\n[CVE-2006-2294](https://vulners.com/cve/CVE-2006-2294)\nBugtraq ID: 17896\n", "published": "2006-05-05T05:47:39", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:25444", "cvelist": ["CVE-2006-2294"], "lastseen": "2017-04-28T13:20:22"}], "exploitdb": [{"id": "EDB-ID:27841", "type": "exploitdb", "title": "timobraun Dynamic Galerie 1.0 galerie.php id Parameter XSS", "description": "timobraun Dynamic Galerie 1.0 galerie.php id Parameter XSS. CVE-2006-2294 . Webapps exploit for php platform", "published": "2006-05-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/27841/", "cvelist": ["CVE-2006-2294"], "lastseen": "2016-02-03T06:51:33"}, {"id": "EDB-ID:27840", "type": "exploitdb", "title": "timobraun Dynamic Galerie 1.0 index.php pfad Parameter XSS", "description": "timobraun Dynamic Galerie 1.0 index.php pfad Parameter XSS. CVE-2006-2294. Webapps exploit for php platform", "published": "2006-05-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/27840/", "cvelist": ["CVE-2006-2294"], "lastseen": "2016-02-03T06:51:25"}]}}
