3 matches found
XSS flaw in MG2 Image Gallery (v.0.5.1)
Users can inject XSS into the form field "Name", when adding a comment on a picture. This will lead to the execution of XSS code. Simple scripting like scriptalert'hello'/script , and more advanced document.location, and document.cookie works. This has been tested on version 0.5.1. Other versions...
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images
The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once. By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder. Sample manipulation could be:...
mg2-image.txt
The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once. By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder. Sample manipulation could be:...