Simple PHP Gallery System SP_Index.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	21278
Class:	Input Validation Error
CVE:	CVE-2006-6273
Remote:	Yes
Local:	No
Published:	Nov 24 2006 12:00AM
Updated:	Dec 27 2006 08:27PM
Credit:	Al7ejaz Hacker is credited with the discovery of this vulnerability.
Vulnerable:	Relatively Absolute Simple PHP Gallery 1.1
Not Vulnerable:

Simple PHP Gallery System SP_Index.PHP Cross-Site Scripting Vulnerability

Simple PHP Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 1.1 is vulnerable to this issue; other versions may also be affected.

Simple PHP Gallery System SP_Index.PHP Cross-Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

An example URI has been provided:

http://www.example.com/sp_index.php?dir=[xss]

Simple PHP Gallery System SP_Index.PHP Cross-Site Scripting Vulnerability

Solution:
The vendor has provided a patch to address this issue; please see the reference section for details.

Simple PHP Gallery System SP_Index.PHP Cross-Site Scripting Vulnerability

References:

• Simple PHP Gallery Product Information (WordPress)
  
• Cross site scripting & fullpath disclosure ([email protected])
  
• Re: Cross site scripting & fullpath disclosure ([email protected])