BugTraq
Instant Photo Gallery <= Multiple XSS Apr 25 2006 05:23PM
qex bsdmail org (1 replies)
Re: Instant Photo Gallery <= Multiple XSS Apr 27 2006 03:55AM
security curmudgeon (jericho attrition org)

: Discovered by: Qex
: Date: 25 April 2006
:
: /member.php?action=viewpro&member=[XSS]

Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no
occurace of "viewpro" at all. The line above also happens to be exactly
the same as your DevBB disclosure, suggesting this may be a bad cut/paste?

Additionally, in the subsequent posting you refer to additional scripts
being affected:

/portfolio.php?cat_id=[XSS]
/portfolio_photo_popup.php?id=[XSS]

Secunia apparently wasn't able to validate all of the XSS but instead
found one SQL injection issue: http://secunia.com/advisories/19813/

Can you confirm or clarify any of the above?

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus