#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~### Exploit Title: Piwigo 2.5.2 <= Cross Site Scripting# Date: 2013 26 September# Author: Arsan# Software Homepage: http://www.piwigo.org# Version : 2.5.2# Tested on: Linux & Windows# Category: webapps# Google Dork: intext:"Powered by Piwigo"##~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~### [+] Exploit :## [-] About Piwigo :## Host and share your photos with Piwigo# Piwigo is photo gallery software for the web, built by an active community of users and developers.# Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource.# Browse the demo (http://www.piwigo.org/demo) to discover Piwigo features on gallery side and change graphical theme on the fly.## [-] Description :# # 1) Download "Piwigo" And Install.# 2) Create New Album ( Photos > Add > create a new album ) ~> Follow this link :# http://localhost/piwigo/admin.php?page=photos_add# 3) Insert A photo In Your Album And Save It.# 4) And Go To Photo Edit; Follow This Way :# Photos > Batch Manager > single mode# http://localhost/piwigo/admin.php?page=batch_manager&mode=unit# 5) Now Insert This Code In "Title","Author","Tags","Description" :# "><script>alert(/Arsan/)</script># 6) Try To See Your Photo In Gallery;# http://localhost/cms/piwigo/picture.php?/[Number Photo]/category/[Number Album]# :) You See Alert "Arsan" . Enjoy ;)##~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~### [+] Demo :## http://www.piwigo.org/demo##~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~### [+] Contact Me :## Arsan.Blackhat@gmail.com# Twitter.com/ArsanBlackhat# #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~## I L0ve Inj3ct0r Team#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
