Submission #482812: needyamin image_gallery 1.0 Cross Site Scripting - Info

Title: needyamin image_gallery 1.0 Cross Site Scripting
Description:
Image_Gallery | view.php?username= | Cross Site Scripting (Reflected XSS) | Found By Maloy Roy Orko

Vulnerable Product: https://github.com/needyamin/image_gallery
Vendor Link: https://github.com/needyamin/
Vendor: needyamin
Product Name: image_gallery
Type: Image Gallery Management System

Title of the Vulnerability: Image_Gallery | view.php?username= | Cross Site Scripting (Reflected XSS) | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Reflected Cross Site Scripting
Product Name: image_gallery
Vendor: needyamin
Vendor Link: https://github.com/needyamin/
Vulnerable Product Link: https://github.com/needyamin/image_gallery/
Affected Components: view.php?username=

Suggested Description: Reflected XSS in "view.php?username=" in "image_gallery application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to execute malicious JavaScript code via XSS as no validations are provided and can get cookies of admin" via "view.php?username=".

Attack Vectors: To exploit the vulnerability, he has to input XSS exploits via view.php?username= and then he can give the links to their targets, even Admin, and when targets click it, the attacker can gain the admin cookie and then he can log in as admin and, as the file upload isn't protected, can hijack the whole server too! He can even execute malicious JavaScript code in visitors' browsers via this vulnerability.

Detailed Blog: https://www.websecurityinsights.my.id/2025/01/imagegallery-viewphpusername-cross-site.html
Source: ⚠️ https://www.websecurityinsights.my.id/2025/01/imagegallery-viewphpusername-cross-site.html
User: MaloyRoyOrko (UID 79572)
Submitted: 2025. 01. 15. PM 06:18 (1 year ago)
Moderation: 2025. 01. 26. PM 04:40 (11 days later)
Status: Accepted
VulDB entry: 293481 [needyamin image_gallery 1.0 /view.php username cross site scripting]
Points: 20
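
Mitigation sketch for the issue reported above, added here as an example; it is not code from the image_gallery project or from the submitter. The source of view.php is not shown on this page, so the handler below is a hypothetical stand-in that reflects `username`, and the username format, HTTPS deployment and helper names `h()` and `valid_username()` are assumptions.

```php
<?php
// Hypothetical stand-in for a page that reflects ?username= (not the project's view.php).

// Keep the session cookie out of reach of JavaScript, so a script injection
// elsewhere cannot read it. Array form requires PHP 7.3+.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumption: the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Defense in depth: the browser refuses inline and third-party scripts.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");

// Encode for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list validation. The permitted alphabet and length are assumptions.
function valid_username($raw): ?string
{
    if (!is_string($raw)) {
        return null;      // rejects array input such as ?username[]=x
    }
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $raw) === 1 ? $raw : null;
}

$username = valid_username($_GET['username'] ?? null);
if ($username === null) {
    http_response_code(400);
    exit('Invalid username');
}

// Pattern the submission describes (request value written to the page unencoded):
//   echo '<h1>Gallery of ' . $_GET['username'] . '</h1>';
// Hardened form: validated above, then encoded for the context it is written into.
echo '<h1>Gallery of ' . h($username) . '</h1>';
echo '<a href="view.php?username=' . h(rawurlencode($username)) . '">Permalink</a>';
```

Output encoding is the actual fix; the cookie flags and the Content-Security-Policy header only limit the impact if another reflection point is missed.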
