minigal-xss.txt

minigal-xss.txt: Posted Mar 4, 2008; Authored by Jose Carlos Norte; Minigal 2 aka MG2 is susceptible to a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 7071f2f99cf637a797b9a2f46856d30ae239eed5ae3348826fa97fc38c0b2d7d; Download | Favorite | View

minigal-xss.txt

Title: Minigal 2 critical XSS
Author: Jose Carlos Norte (jose@eyeos.org)
Date: 4-3-2008
Severity: high
Vendor URL: http://www.minigal.dk/

------- Introduction

Minigal 2(a.k.a. MG2) is a picture album written in PHP, it have a simple administration panels, and makes non-ajax browsable albums.

------- The problem

The problem consist in a fully exploitable XSS. MG2 allows NON-Admin users to browser some areas of the admin panel, and one of these, have a XSS problem.

------- Exploitation

admin.php?action=import&list=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

------- Status

Vendor contacted without response.

------- Credits

This bug was discovered by Jose Carlos Norte, (jose@eyeos.org).

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

minigal-xss.txt

minigal-xss.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

minigal-xss.txt

Share This

minigal-xss.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems