################################################
GOOP Gallery 'image' param Cross-site scripting
Vendor url:http://www.webgeneius.com
Advisore:http://lostmon.blogspot.com/2006/10/
goop-gallery-image-param-cross-site.html
Vendor notify: YES Exploit available: YES
securitytracker:1017081
Secunia: SA22258
BID:20554
################################################
GOOP Gallery contains a flaw that allows a remote cross site
scripting attack.This flaw exists because the application does
not validate 'image' param upon submission to index.php script.
This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server, leading
to a loss of integrity.
################
Versions
################
GOOP Gallery 2.0 vulnerable
GOOP Gallery 2.0.3 not Vulnerable
################
Solution
################
Upgrade to GOOP gallery 2.0.3as soon as possible.
http://webgeneius.com/index.php?mod=blog&id=49
Download GG2.0.3:
http://webgeneius.com/downloads/gg2.0.3.zip
################
Timeline
################
Discovered:09-10-2006
Vendor notify:14-10-2006
Vendor response:15-10-2006
Vendor Fix: 16-10-2006
Disclosure: 16-10-2006
##############
Example
##############
http://Victim/goopgallery/index.php?next=%BB&gallery=demo+gallery+1
&image=Bunny.JPG">[XSS-CODE]
http://Victim/goopgallery/index.php?gallery=demo+gallery+1
&image=Bunny.JPG">[XSS-CODE]
######################## €nd #####################
Thnx to Estrella to be my ligth.
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....