CVE-2006-1127
Gallery 2 up to 2.0.2 - Cross-Site Scripting via X-Forwarded-For Header
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1127. PoCs published by GulfTech Security.
AI-analyzed exploit summary: The document describes multiple vulnerabilities in Gallery 2 <= 2.0.2, including IP spoofing via X_FORWARDED_FOR, script injection, and arbitrary file access due to improper session ID handling. It provides code snippets and explanations but does not include executable exploit code.
Description
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.