From: preddy . <lil.turk@email.com>
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, news-editor@securityfocus.com
Date: Tue, 03 Jan 2006 12:25:52 -0500
Subject: [OSVDB Mods] Enhanced Simple PHP Gallery 1.7 (Cross Site Scripting & Full Path Disclosure)

Enhanced Simple PHP Gallery 1.7 (Cross Site Scripting & Full Path
Disclosure)

(not sure) Vendor URL: http://www.quirm.net/

PoC:

Cross Site Scripting

http://www.ul.ie/languagecentre/gallery/index.php?dir="><h1>lol</h1>

Full Path Disclosure

/export/home/ulweb/www/languagecentre/gallery/sp_helper_functions.php

Preddy
RootShell Security Group