Re: Instant Photo Gallery <= Multiple XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Instant Photo Gallery <= Multiple XSS
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Wed, 26 Apr 2006 23:55:46 -0400 (EDT)
Cc: qex@xxxxxxxxxxx
In-reply-to: <20060425172339.10117.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060425172339.10117.qmail@xxxxxxxxxxxxxxxxx>

: Discovered by: Qex 
: Date: 25 April 2006 
: 
: /member.php?action=viewpro&member=[XSS]

Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no 
occurace of "viewpro" at all. The line above also happens to be exactly 
the same as your DevBB disclosure, suggesting this may be a bad cut/paste?

Additionally, in the subsequent posting you refer to additional scripts 
being affected:

/portfolio.php?cat_id=[XSS]
/portfolio_photo_popup.php?id=[XSS]

Secunia apparently wasn't able to validate all of the XSS but instead 
found one SQL injection issue: http://secunia.com/advisories/19813/

Can you confirm or clarify any of the above?

References:
- Instant Photo Gallery <= Multiple XSS
  - From: qex

Prev by Date: [security bulletin] HPSBUX02075 SSRT051074 rev.4 - HP-UX Running xterm Local Unauthorized Access
Next by Date: [ GLSA 200604-17 ] Ethereal: Multiple vulnerabilities in protocol dissectors
Previous by thread: Instant Photo Gallery <= Multiple XSS
Next by thread: Re: Instant Photo Gallery <= Multiple XSS
Index(es):
- Date
- Thread