Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19340
HistoryMar 05, 2008 - 12:00 a.m.

Minigal 2 critical XSS

2008-03-0500:00:00
vulners.com
29
JSON

Title: Minigal 2 critical XSS
Author: Jose Carlos Norte ([email protected])
Date: 4-3-2008
Severity: high
Vendor URL: http://www.minigal.dk/

------- Introduction

Minigal 2(a.k.a. MG2) is a picture album written in
PHP, it have a simple administration panels, and
makes non-ajax browsable albums.

------- The problem

The problem consist in a fully exploitable XSS. MG2
allows NON-Admin users to browser some areas of the
admin panel, and one of these, have a XSS problem.

------- Exploitation

admin.php?action=import&list=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E

------- Status

Vendor contacted without response.

------- Credits

This bug was discovered by Jose Carlos Norte,
([email protected]).

JSON