There is a lot of XSS (Cross-Site Scripting). I found it in cpg
with this program; it is an Arabic program
http://www.jaascois.com/software/AntiWebInjection/JAAScoisAWIen.zip
Some of the XSS:
http://127.0.0.1/f/misc.php?forget=1&index=1#top<script>alert('hacking%20xss')</script>
http://127.0.0.1/f/forum.php?id=7&show=1&order=1&order_type=DESC#posts_table<script>alert('hacking%20xss')</script>
and there is a lot of that XSS
in cpg
There is no misc.php or forum.php file. I think you examined an older version or bridge version or a totally different program.
bmossavari is right: no coppermine version ever contained files named misc.php nor forum.php. As your links point to your local machine, we can't examine any further. Anyway: if your machine can only be accessed locally, why do you worry about XSS?
If you think you actually found a vulnerability and not some bogus stuff detected by a questionable app that claims to be able to detect XSS vulnerabilities, please post actual details, i.e. vulnerable code snippets that come from coppermine.
As suggested: the "tool" JAAScoisAWIen (http://www.securityfocus.com/tools/3894) is very questionable, as google only contains hits for the website of the company that created the tool. How could an executable that only runs under Windows be a reliable webserver security tool? Looks like a trojan to me.
No offense though, thanks for the report.
At least post how to verify the attacks - some URLs which we can replicate the attack with (your given URLs are not relevant to Coppermine)
Quote from: GauGau on June 19, 2006, 09:03:40 PM
bmossavari is right: no coppermine version ever contained files named misc.php nor forum.php. As your links point to your local machine, we can't examine any further. Anyway: if your machine can only be accessed locally, why do you worry about XSS?
If you think you actually found a vulnerability and not some bogus stuff detected by a questionable app that claims to be able to detect XSS vulnerabilities, please post actual details, i.e. vulnerable code snippets that come from coppermine.
As suggested: the "tool" JAAScoisAWIen (http://www.securityfocus.com/tools/3894) is very questionable, as google only contains hits for the website of the company that created the tool. How could an executable that only runs under Windows be a reliable webserver security tool? Looks like a trojan to me.
No offense though, thanks for the report.
Hi, but the JAAScoisAWIen (http://www.securityfocus.com/tools/3894) is not a trojan.
I'm sorry, this other program is www.mysmartbb.com, it's an Arabic forum program.
But this is in cpg 1.4.x:
http://coppermine-gallery.net/demo/cpg14x/thumbnails.php?album=<script>alert('hacking%20xss')</script>
http://coppermine-gallery.net/demo/cpg14x/thumbnails.php?album=toprated&amp=&cat=0&4x=&thumbnails_php?album=toprated&amp;cat=0&lang=english<script>alert('hacking%20xss')</script>
http://coppermine-gallery.net/demo/cpg14x/thumbnails.php?album=favpics&4x=&thumbnails_php?album=favpics&lang=spanish<script>alert('hacking%20xss')</script>
http://coppermine-gallery.net/demo/cpg14x/search.php?4x=&search_php=&lang=danish<script>alert('hacking%20xss')</script>
http://coppermine-gallery.net/demo/cpg14x/search.php?4x=&search_php=&lang=korean<script>alert('hacking%20xss')</script>
http://coppermine-gallery.net/demo/cpg14x/search.php?4x=&search_php=&lang=swedish<script>alert('hacking%20xss')</script>
These are not working !!!!
They all get filtered by gallery :)
Every "<" will become "&lt;" so you will not be able to cross ;)
bmossavari is right: none of the above result in an XSS.
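Added example, not part of the thread and not Coppermine code: one way to triage scanner-reported URLs like the ones above before filing a report. It checks whether the probe sits after "#" (browsers never send the fragment to the server) and whether a response body reflects it raw or with "<" encoded as "&lt;". The function names and the two response bodies are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, unquote

# Probe string used in the thread's URLs, URL-decoded.
PROBE = "<script>alert('hacking xss')</script>"

# Constructed sample responses (not captured from any real server).
ESCAPED_BODY = "<h2>Album: &lt;script&gt;alert('hacking xss')&lt;/script&gt;</h2>"
RAW_BODY = "<h2>Album: <script>alert('hacking xss')</script></h2>"

def probe_location(url, probe=PROBE):
    """Return which URL part carries the probe: 'query', 'fragment', 'path' or None."""
    parts = urlsplit(url)
    for name in ("query", "fragment", "path"):
        if probe in unquote(getattr(parts, name)):
            return name
    return None

def reflection(body, probe=PROBE):
    """Classify how a response body reflects the probe: 'raw', 'escaped' or 'absent'."""
    if probe in body:
        return "raw"  # markup reaches the page unencoded
    base = html.escape(probe, quote=False)  # "<" -> "&lt;", ">" -> "&gt;"
    # Also accept the two common encodings of the single quote.
    forms = {base, base.replace("'", "&#039;"), base.replace("'", "&#x27;")}
    if any(form in body for form in forms):
        return "escaped"  # shown as text, not parsed as a tag
    return "absent"

def triage(url, body, probe=PROBE):
    """Turn a scanner-reported URL plus the server's response into a verdict."""
    where = probe_location(url, probe)
    if where is None:
        return "no probe in URL"
    if where == "fragment":
        # The part after "#" stays in the browser, so the server cannot reflect it.
        return "not sent to server"
    verdicts = {"raw": "vulnerable", "escaped": "filtered", "absent": "not reflected"}
    return verdicts[reflection(body, probe)]
```

The check covers reflection into HTML text only; a value reflected inside an attribute or a script block needs a context-specific check.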