Gallery Album Comments HTML Injection Vulnerability
BID:16940
Info
Gallery Album Comments HTML Injection Vulnerability
| Bugtraq ID: | 16940 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2006 12:00AM |
| Updated: | Mar 08 2006 03:20PM |
| Credit: | Discovery is credited to James Bercegay. |
| Vulnerable: |
Gallery Gallery 2.0.2 Gallery Gallery 2.0.1 Gallery Gallery 2.0 Beta3 Gallery Gallery 2.0 Beta2 Gallery Gallery 2.0 Beta1 Gallery Gallery 2.0 Alpha4 Gallery Gallery 2.0 Alpha3 Gallery Gallery 2.0 Alpha2 Gallery Gallery 2.0 Alpha1 Gallery Gallery 2.0 Alpha Gallery Gallery 2.0 |
| Not Vulnerable: |
Gallery Gallery 2.0.3 |
Discussion
Gallery Album Comments HTML Injection Vulnerability
Gallery is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This issue is reported to affect versions 2.0.0. through 2.0.2. Other versions may also be vulnerable.
Gallery is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This issue is reported to affect versions 2.0.0. through 2.0.2. Other versions may also be vulnerable.
Exploit / POC
Gallery Album Comments HTML Injection Vulnerability
These issues can be exploited through use of a web client.
These issues can be exploited through use of a web client.
Solution / Fix
Gallery Album Comments HTML Injection Vulnerability
Solution:
The vendor has released version 2.0.3 to address this issue.
Gallery Gallery 2.0
Gallery Gallery 2.0 Beta3
Gallery Gallery 2.0 Beta2
Gallery Gallery 2.0 Beta1
Gallery Gallery 2.0 Alpha3
Gallery Gallery 2.0 Alpha1
Gallery Gallery 2.0 Alpha
Gallery Gallery 2.0 Alpha4
Gallery Gallery 2.0 Alpha2
Gallery Gallery 2.0.1
Gallery Gallery 2.0.2
Solution:
The vendor has released version 2.0.3 to address this issue.
Gallery Gallery 2.0
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Beta3
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Beta2
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Beta1
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Alpha3
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Alpha1
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Alpha
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Alpha4
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0 Alpha2
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0.1
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
Gallery Gallery 2.0.2
-
Gallery gallery-2.0.3-typical.tar.gz
http://prdownloads.sourceforge.net/gallery/gallery-2.0.3-typical.tar.g z
References
Gallery Album Comments HTML Injection Vulnerability
References:
References:
- Gallery 2 Multiple Vulnerabilities (Bharat Mediratta)
- Gallery Product Page (Gallery)
- [[email protected]: Gallery 2 Multiple Vulnerabilities] (GulfTech Security Research
)