HTB22964: XSS in SelectaPix Image Gallery

Type securityvulns
Reporter Securityvulns
Modified 2011-05-03T00:00:00


Vulnerability ID: HTB22964 Reference: Product: SelectaPix Image Gallery Vendor: ( ) Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit: High-Tech Bridge SA Security Research Lab ( )

Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. The vulnerability exists due to failure in the "/admin/upload.php" script to properly sanitize user-supplied input in "uploadername" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. The following PoC is available:

<form action="http://[host]/admin/upload.php?albumID=1&parentID=0&request=single" method="post" name="main" id="main"> <input type="hidden" name="uploadername" value='"><script>alert(document.cookie);</script>'> <input type="submit" value="OK"> </form>