312Soft PhP-Gallery Multiple Input Validation Vulnerabilities

Bugtraq ID:	17812
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 03 2006 12:00AM
Updated:	Aug 01 2006 11:21PM
Credit:	d4igoro is credited with the discovery of these vulnerabilities.
Vulnerable:	321soft PhP-Gallery 0.9
Not Vulnerable:	321soft PhP-Gallery 0.96

312Soft PhP-Gallery Multiple Input Validation Vulnerabilities

PhP-Gallery is prone to an information-disclosure vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities to retrieve arbitrary files from the vulnerable system in the context of the affected application or to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

312Soft PhP-Gallery Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a web client.

Example URIs have been provided:

• /data/vulnerabilities/exploits/php-gallery-0.9-xss-lfi.txt

312Soft PhP-Gallery Multiple Input Validation Vulnerabilities

Solution:
The vendor has released version 0.96 to address this issue.


321soft PhP-Gallery 0.9

• 321soft gallery96.zip
  http://321soft.de/software/download.php?download=gallery96.zip

312Soft PhP-Gallery Multiple Input Validation Vulnerabilities

References:

• 321soft PhP Gallery 0.9 - directory travel & XSS (d4igoro)
  
• PHP-Gallery Web Site (321soft)
  
• 321soft PhP Gallery 0.9 - directory travel & XSS ([email protected])