Praetorian503
Posted February 12, 2013

IP.Gallery 4.2.x and 5.0.x Persistent XSS Vulnerability

# Exploit Title: IP.Gallery 4.2.x and 5.0.x persistent XSS vulnerability
# Date: 8/2/2013
# Exploit Author: Mohamed Ramadan
# Author HomePage: http://www.Attack-Secure.com
# Author Twitter : https://twitter.com/Attack_Secure
# Vendor Homepage: http://www.invisionpower.com/
# Software Link: http://www.invisionpower.com/apps/gallery/
# Version: IP.Gallery 4.2.x and 5.0.x

The image title is vulnerable to a persistent XSS vulnerability which allows any
normal member to hack any administrator account or any other member account.

We contacted the vendor and reported this issue to them, and they fixed it
and released this patch:
http://community.invisionpower.com/topic/379028-ipgallery-42x-and-50x-security-update/

Here is a video demonstrating the attack in action:
https://docs.google.com/file/d/0B_cpjifQmPbZMmxVcEdqU3A1aU0/edit?usp=sharing

And here is another video demonstrating how to bypass httponly cookies:
https://docs.google.com/file/d/0B_cpjifQmPbZemFsbFJDRnVkVTA/edit?usp=sharing

Mohamed Ramadan ( Attack-Secure.com )

Source: IP.Gallery 4.2.x and 5.0.x Persistent XSS Vulnerability