gallarific-xss.txt

Posted on 16 April 2008

Hello,

I was looking at the free version of gallarific, and I found some suspicious
code in the scopbin directory.
Attached is a file I found in the zip i downloaded, in case someone wants to
decode it.

the package can be downloaded from
http://www.gallarific.com/download.php

Also, the software contains several xss flaws:

1) When modifying a user his email address like
h@h.com"><script>alert(1);</script>
persistent xss wil occur when viewing gadmin/users.php or moderating the
comments in gadmin/comments.php

2) When adding a comment like "><script>alert(1)</script> , xss will occur
when moderating the comments

3) gallery/tags.php?tag="><script>alert(1)</script>

4) probably more bugs.

Regards,
Thomas Pollet

TOP

Malware :

Drovorub
Backdoor:Linux/IoTReaper
Ransom:Linux/Erebus.A
Backdoor:Linux/Luabot.A
Linux.Lady

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20