Jump to content

4images Cross Site Scripting / Clickjacking

Recommended Posts

# Affected software: 4images
# Type of vulnerability: clickjacking,xss
# URL: http://www.4homepages.de/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: 4images is a powerful web-based image gallery management
system. Features include comment system, user registration and mangagement,
password protected administration area with browser-based upload and HTML
templates for page layout and design.
# Proof of concept

1st:click jacking --:

4images was vuln to clickjacking which could be exploited and used to
delete category


clickjacking poc -:


2nd: xss

adding a new category with xss payload leads to persistent xss vuln



Best Regards,
*Ankit Bharathan.*

*Save Energy... Save Nature... Go Green...*
P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...