TUCoPS :: Web :: Apps :: b06-1815.htm

Scry Gallery XSS Vulnerability
Scry Gallery XSS Vulnerability
Scry Gallery XSS Vulnerability


Software : Scry Gallery v1.1
WebSite :http://scry.org/ 

ISSUE :
The software is prone to a XSS attack using the  following proof of concept :

http://anysiteusingscrygallery.com/[Path to scry gallery]/index.php?v=list&i=0&p= 

One can execute mailcious scripts using the above code in the web browser.
The above concept also aids a path disclosure to the remote attacker. This vulnerability has been tested and exits on Scry Gallery v1.1.

Additional Credits : mayank , ranjan & jha.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH