singapore v0.9.11 cross site scripting and path disclosure
Because of singapores heavy use of classes it has multiple path disclosure
occurences. The following pages all produced class related errors when
navigating directly to them in your browser.
gallery/includes/admin.class.php
templates/admin_default/ all the .tpl.php files
templates/default/ all the the .tpl.php files
Also the gallery $_GET parameter on www.site.com/index.php is not properly
checked leading to cross site scripting. We used
http://www.site.com/index.php?gallery=%3Cimg%20onmouseover=%22alert('hi')%22%20style=%22position:%20absolute;%20top:0px;%20left:%200px;%20width:%201000%;%20height:%201000%;%22%3E
and other similar scripts to produce the xss.