minigal-xss.txt

minigal-xss.txt: Posted Mar 4, 2008; Authored by Jose Carlos Norte; Minigal 2 aka MG2 is susceptible to a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 7071f2f99cf637a797b9a2f46856d30ae239eed5ae3348826fa97fc38c0b2d7d; Download | Favorite | View

minigal-xss.txt

Title: Minigal 2 critical XSS
Author: Jose Carlos Norte (jose@eyeos.org)
Date: 4-3-2008
Severity: high
Vendor URL: http://www.minigal.dk/

------- Introduction

Minigal 2(a.k.a. MG2) is a picture album written in PHP, it have a simple administration panels, and makes non-ajax browsable albums.

------- The problem

The problem consist in a fully exploitable XSS. MG2 allows NON-Admin users to browser some areas of the admin panel, and one of these, have a XSS problem.

------- Exploitation

admin.php?action=import&list=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

------- Status

Vendor contacted without response.

------- Credits

This bug was discovered by Jose Carlos Norte, (jose@eyeos.org).

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 64 files
indoushka 59 files
Debian 21 files
LiquidWorm 19 files
Google Security Research 8 files
Gentoo 7 files
Seth Jenkins 4 files
Emiliano Febbi 4 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

minigal-xss.txt

minigal-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

minigal-xss.txt

Share This

minigal-xss.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems