exploitdb
WORKING POC
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31599
This exploit demonstrates a cross-site scripting (XSS) vulnerability in mcGallery 1.1 by injecting a malicious script into the 'lang' parameter of stats.php. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies.
Classification
Working Poc 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the target URL with the vulnerable parameter
exploitdb
WORKING POC
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31602
This exploit demonstrates a cross-site scripting (XSS) vulnerability in mcGallery 1.1 by injecting a malicious script via the 'lang' parameter in the show.php file. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.
Classification
Working Poc 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the vulnerable mcGallery instance
exploitdb
WORKING POC
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31598
This exploit demonstrates a cross-site scripting (XSS) vulnerability in mcGallery 1.1 by injecting a malicious script via the 'lang' parameter in sess.php. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies.
Classification
Working Poc 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the target URL with the vulnerable parameter
exploitdb
WORKING POC
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31601
This exploit demonstrates a cross-site scripting (XSS) vulnerability in mcGallery 1.1 by injecting a malicious script via the 'lang' parameter in resize.php. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies.
Classification
Working Poc 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the vulnerable mcGallery instance
exploitdb
WORKING POC
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31597
This exploit demonstrates a cross-site scripting (XSS) vulnerability in mcGallery 1.1 by injecting a malicious script via the 'lang' parameter in the URL. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.
Classification
Working Poc 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the target application's URL
exploitdb
WORKING POC
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31600
This exploit demonstrates a reflected XSS vulnerability in mcGallery 1.1 by injecting a malicious script via the 'lang' parameter in detail.php. The PoC uses a simple JavaScript alert to confirm the vulnerability.
Classification
Working Poc 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the vulnerable mcGallery instance
exploitdb
WRITEUP
VERIFIED
by K-9999 · textwebappsphp
https://www.exploit-db.com/exploits/31596
The provided text describes a cross-site scripting (XSS) vulnerability in mcGallery 1.1, where user-supplied input is not properly sanitized. The example demonstrates a reflected XSS attack via the 'lang' parameter in admin.php.
Classification
Writeup 90%
Target:
mcGallery 1.1
No auth needed
Prerequisites:
Access to the vulnerable admin.php endpoint