iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability

2011-09-17T00:00:00
ID ZSL-2011-5046
Type zeroscience
Reporter Gjoko Krstic
Modified 2011-09-17T00:00:00

Description

Title: iGallery Plugin v1.0.0 (dir) Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2011-5046
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.09.2011

Summary

iGallery uses MooTools - image resizing done dynamically using phpThumb - resized images are cached.

Description

iGallery suffers from a XSS vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Vendor

net4visions.com - <http://www.net4visions.com>

Affected Version

1.0.0

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41

Vendor Status

N/A

PoC

igallery_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://packetstormsecurity.org/files/105200>
[2] <http://www.securityfocus.com/bid/49675>
[3] <http://securityreason.com/wlb_show/WLB-2011090089>
[4] <http://xforce.iss.net/xforce/xfdb/69921>

Changelog

[17.09.2011] - Initial release
[18.09.2011] - Added reference [1]
[20.09.2011] - Added reference [2] and [3]
[22.09.2011] - Added reference [4]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        
                                            &lt;html&gt;&lt;head&gt;&lt;title&gt;403 Nothing to see.&lt;/title&gt;
&lt;link rel="Shortcut Icon" href="favicon.ico" type="image/x-icon"&gt;
&lt;style type="text/css"&gt;
&lt;!--
body {
	background-color: #000;
}
body,td,th {
	font-family: Verdana, Geneva, sans-serif;
}
a:link {
	color: #008FEF;
	text-decoration: none;
}
a:visited {
	color: #008FEF;
	text-decoration: none;
}
a:hover {
	text-decoration: underline;
	color: #666;
}
a:active {
	text-decoration: none;
}
--&gt;
&lt;/style&gt;
&lt;/head&gt;
&lt;body bgcolor=black&gt;
&lt;center&gt;
&lt;font color="#7E88A3" size="2"&gt;
&lt;br /&gt;&lt;br /&gt;
&lt;h1&gt;403 Nothing to see.&lt;/h1&gt;

You do not have the powah for this request /403.shtml&lt;br /&gt;&lt;br /&gt;
&lt;font size="2"&gt;&lt;a href="https://www.zeroscience.mk"&gt;https://www.zeroscience.mk&lt;/a&gt;&lt;/font&gt;
&lt;/font&gt;&lt;/center&gt;
&lt;/body&gt;&lt;/html&gt;