Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: b06-1815.htm

Scry Gallery XSS Vulnerability



Scry Gallery XSS Vulnerability
Scry Gallery XSS Vulnerability



Software : Scry Gallery v1.1
WebSite :http://scry.org/ 

ISSUE :
The software is prone to a XSS attack using the  following proof of concept :

http://anysiteusingscrygallery.com/[Path to scry gallery]/index.php?v=list&i=0&p= 

One can execute mailcious scripts using the above code in the web browser.
The above concept also aids a path disclosure to the remote attacker. This vulnerability has been tested and exits on Scry Gallery v1.1.

Additional Credits : mayank , ranjan & jha. 






TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH